Cyber Vulnerability Implantation Revisited
MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM). Pub Date: 2021-11-29. DOI: 10.1109/MILCOM52596.2021.9652921
J. Sigholm, Emil Larsson
In this paper we revisit a study presented at MILCOM 2014. Our goal then was to determine the utility of implanting a vulnerability into a cybersecurity software protocol to an actor planning to execute an offensive cyber operation. Based on a case study describing the then recently discovered Heartbleed bug as an offensive cyber operation, a model was devised to estimate the adoption rate of an implanted flaw in OpenSSL. Using the adoption rate of the cryptographic protocol Transport Layer Security version 1.2 as a proxy, we predicted that the global adoption of the vulnerability of at least 50% would take approximately three years, while surpassing 75% adoption would take four years. Compared to subsequently collected real-world data, these forecasts turned out to be surprisingly accurate. An evaluation of our proposed model shows that it yields results with a root-mean-square error of only 1.2% over the forecasting period. Thus, it has a significant degree of predictive power. Although the model may not be generalizable to describe the adoption of any software protocol, the finding helps validate our previously drawn conclusion that exploiting implanted cyber vulnerabilities, in a scenario like the one presented, requires a planning horizon of multiple years. However, as society becomes further dependent on the cyber domain, the utility of intentional vulnerability implantation is likely an exercise in diminishing returns. For a defender, however, our model development process could be useful to forecast the time required for flawed protocols to be phased out.

Complementary Sequence Construction for Constant-Envelope OFDM Transmission Enabling Nonlinear Amplification and Clipping
MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM). Pub Date: 2021-11-29. DOI: 10.1109/MILCOM52596.2021.9653128
Kyle Willstatter, M. Zoltowski
The high PAPR of OFDM transmission leads to power/cost inefficiencies in amplifier use and/or spectral noise from clipping effects. To avoid these issues, we propose transmitting a complementary sequence pair whose aperiodic autocorrelations sum to a delta function in such a way that the amplitude of the signal is constant. This enables the use of low-cost nonlinear amplifiers operating at full power. The sequence pair is constructed iteratively, by sequential encoding of information symbols onto the pair such that the sequences remain complementary. The structure of these sequences and the resulting constant-envelope signal are analyzed, leading to methods of symbol extraction and the results of a decoding error. Finally, we extend the discussion to two-dimensional sequence pairs, for use in mmWave/MIMO systems where the inefficiencies of a high PAPR are even more acute.

Poisoning Attacks and Data Sanitization Mitigations for Machine Learning Models in Network Intrusion Detection Systems
MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM). Pub Date: 2021-11-29. DOI: 10.1109/MILCOM52596.2021.9652916
S. Venkatesan, Harshvardhan Digvijay Sikka, R. Izmailov, R. Chadha, Alina Oprea, Michael J. de Lucia
Among many application domains of machine learning in real-world settings, cyber security can benefit from more automated techniques to combat sophisticated adversaries. Modern network intrusion detection systems leverage machine learning models on network logs to proactively detect cyber attacks. However, the risk of adversarial attacks against machine learning used in these cyber settings is not fully explored. In this paper, we investigate poisoning attacks at training time against machine learning models in constrained cyber environments such as network intrusion detection; we also explore mitigations of such attacks based on training data sanitization. We consider the setting of poisoning availability attacks, in which an attacker can insert a set of poisoned samples at training time with the goal of degrading the accuracy of the deployed model. We design a white-box, realizable poisoning attack that reduced the original model accuracy from 95% to less than 50% by generating mislabeled samples in close vicinity of a selected subset of training points. We also propose a novel Nested Training method as a defense against these attacks. Our defense includes a diversified ensemble of classifiers, each trained on a different subset of the training set. We use the disagreement of the classifiers' predictions as a data sanitization method, and show that an ensemble of 10 SVM classifiers is resilient to a large fraction of poisoning samples, up to 30% of the training data.

Optimizing Flows in Changing Tree-based Sensor Networks
MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM). Pub Date: 2021-11-29. DOI: 10.1109/MILCOM52596.2021.9653006
Albert Williams, D. Towsley
Military sensor networks often operate in resource-challenged environments. This poses the problem of how to allocate resources to sensor flows to accomplish a mission. In this paper we consider a set of sensors that communicate observations up a tree to a fusion center. The value of the mission is modeled by a separable increasing concave function, and we develop a low-complexity one-step algorithm that allocates link capacities to each sensor so as to maximize this function. By limiting ourselves to a tree topology, we derive several important benefits, including the ability to quickly adapt to changes in utility functions or topology, and in a straightforward way to run our algorithm in a parallel, distributed manner over the network with little communication overhead and no centralized planning.

Propagator Rooting Method Direction of Arrival Estimation Based on Real Data
MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM). Pub Date: 2021-11-29. DOI: 10.1109/MILCOM52596.2021.9653081
N. Tayem, Ahmed A. Hussain, Vinay Reddy Veramareddy, A. Soliman, J. Alghazo
In this paper, we present a novel and computationally efficient DOA estimation method that works equally well for both non-coherent and coherent sources. This method is based on applying the propagator method as a linear operator to the covariance matrix of the received data taken from a single snapshot of signals impinging on a uniform linear array. A Toeplitz Hermitian data matrix is constructed and transformed to a real-valued data matrix, which significantly reduces computational complexity. The propagator method obviates the need to use either eigenvalue decomposition or singular value decomposition in calculating the DOA. Finally, the Root-MUSIC method is employed in conjunction with the proposed method to estimate the angles of arrival from the received signal. Simulation results demonstrate the efficacy of the proposed method.

Towards a COTS-Enabled Federated Cloud Architecture for Adaptive C2 in Coalition Tactical Operations: A Performance Analysis of Kubernetes
MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM). Pub Date: 2021-11-29. DOI: 10.1109/MILCOM52596.2021.9653050
Mattia Fogli, Geert L. J. Pingen, Thomas Kudla, S. Webb, Niranjan Suri, H. Bastiaansen
Nowadays, ever-increasing processing and storage resources are available at all echelons, from operations centers to tactical units. However, tactical-edge communications still suffer from scarce network resources such as limited bandwidth, intermittent connectivity, and variable latency. In addition, modern military missions typically involve coalition operations, where heterogeneous mission partners (even belonging to different nations) cooperate in the field. As a result, the distribution of mission-critical information is more complicated than ever. On the one hand, the dynamic nature of the tactical environment frequently disrupts communications. On the other hand, individual resource-sharing policies prevent mission partners from taking full advantage of the available resources in situ. The NATO IST-168 RTG has been exploring commercial-off-the-shelf orchestration technologies for implementing a federated cloud architecture that enables adaptive information processing and dissemination while living within the constraints of the tactical domain. This paper is a follow-up study that assesses the behaviour of Kubernetes under the disadvantaged network conditions characterizing tactical edge networks.

Congestion Aware Intent-Based Routing using Graph Neural Networks for Improved Quality of Experience in Heterogeneous Networks
MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM). Pub Date: 2021-11-29. DOI: 10.1109/MILCOM52596.2021.9652977
Suzanna Lamar, J. Gosselin, Ivan Caceres, Sarah Kapple, A. Jayasumana
Making use of spectrally diverse communications links to re-route traffic in response to dynamic environments to manage network bottlenecks has become essential in order to guarantee message delivery across heterogeneous networks. We propose an innovative, proactive Congestion Aware Intent-Based Routing (CONAIR) architecture that can select among available communication link resources based on quality of service (QoS) metrics to support continuous information exchange between networked participants. The CONAIR architecture utilizes a Network Controller (NC) and artificial intelligence (AI) to re-route traffic based on traffic priority, fundamental to increasing end user quality of experience (QoE) and mission effectiveness. The CONAIR architecture provides network behavior prediction, and can mitigate congestion prior to its occurrence, unlike traditional static routing techniques, e.g. Open Shortest Path First (OSPF), which are prone to congestion due to infrequent routing table updates. Modeling and simulation (M&S) was performed on a multi-hop network in order to characterize the resiliency and scalability benefits of CONAIR over OSPF routing-based frameworks. Results demonstrate that for varying traffic profiles, packet loss and end-to-end latency are minimized.

Direct-Sequence Spread Spectrum with Signal Space Diversity for High Resistance to Jamming
MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM). Pub Date: 2021-11-29. DOI: 10.1109/MILCOM52596.2021.9652967
Tarak Arbi, B. Geller, O. Pasquero
Jamming attacks can severely limit wireless network availability and can cause serious damage, in particular for tactical applications. Over the past decades, Direct-Sequence Spread Spectrum (DSSS) has been used to enhance resistance to jamming. In this paper, we first analyze the performance of the DSSS modulation in the presence of malicious jamming; we take into account different physical phenomena such as a large Doppler shift, and we use robust synchronization algorithms at the receiver side. We then propose to consider jointly rotated constellations and the DSSS technique in order to enhance robustness against jamming, while keeping reasonable complexity. Simulation results underline the good performance of our proposal, as it shows a gain of several dBs compared to the DSSS technique with conventional constellations.

Massive MIMO: review and a case for the 12 GHz band
MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM). Pub Date: 2021-11-29. DOI: 10.1109/MILCOM52596.2021.9652931
D. Erricolo, William P. Alberth
A review of the evolution that led to massive MIMO systems is provided. Implementation challenges are discussed and a justification for the use of the 12 GHz bandwidth is given.

Solving the Cross Domain Problem with Functional Encryption
MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM). Pub Date: 2021-11-29. DOI: 10.1109/MILCOM52596.2021.9652958
A. Kaminsky, M. Kurdziel, Steven Farris, M. Lukowiak, S. Radziszowski
A Cross Domain Problem (CDP) is the question of how to securely access and exchange information between the domains of varying security levels. A Cross Domain Solution (CDS) addresses the CDP by designing the framework and protocols for such access and transfers. Most existing CDS methods rely on policies and trusted parties to manage different security levels. A CDS that can function in the presence of untrusted parties is a challenge. Functional Encryption (FE) is an encryption scheme in which a secret key allows one to compute a specific function of plaintext from the ciphertext. FE is a generalization of identity-based and attribute-based encryption frameworks. General and simultaneously practical FE is an emerging area, and only special types of encryption schemes and functions are effectively handled within existing systems. We apply the concepts of FE to explore a new solution to the CDP, and we argue that our solution does not leak information, provided that widely accepted assumptions about standard digital signatures hold. We built a practical software case study application using a trusted Key Distribution Center (KDC), a standard symmetric key block cipher component (like the AES), and using the Elliptic Curve Digital Signature Algorithm (ECDSA). The experiments show that the computational overhead introduced to routing by our method is cost effective, where the additional cost is equivalent to just a few applications of standard digital signatures.