Modeling and Evaluating Security

Designing a secure cryptographic system that provides assurance about its claimed security requires a clear model and definition of security goals and possible attacks. Once a system is designed, it must be evaluated against the model and be 'shown' to conform with the model.

Modeling and evaluating security in modern cryptographic systems takes three main approaches: information-theoretic, computational, and quantum-theoretic.

Information Theoretic Security

Scientific study of security systems was pioneered by Claude Shannon using an information-theoretic approach. In an information-theoretically secure system the attacker has unbounded computing power, security does not rely on unproven assumptions (e.g., that factorization is a hard problem), and the guaranteed security will last even with the development of new types of computers, such as quantum computers. The first information-theoretically secure cryptosystem is the one-time pad (due to Shannon), which guarantees perfect secrecy. The one-time pad requires a secret key of the same length as the message to be securely shared between the sender and the receiver, and so it is only used in applications where security is of strategic importance. Unconditionally secure systems have been designed for a variety of cryptographic tasks, including message authentication, secret sharing and multiparty computation.
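As an added illustration (not code from the original page or from ISPIA), the following Python sketch implements the one-time pad, checks Shannon's perfect-secrecy condition by exhaustive enumeration over a tiny message space, and shows why the key must be as long as the message and used only once; all function names and the sample plaintext are the example's own constructions.

```python
import os


def otp_encrypt(message: bytes, key: bytes) -> bytes:
    """One-time pad: XOR each message byte with the matching key byte.

    The key must be uniformly random, exactly as long as the message,
    and never reused for a second message.
    """
    if len(key) != len(message):
        raise ValueError("key length must equal message length")
    return bytes(m ^ k for m, k in zip(message, key))


# XOR is an involution, so decryption is the same operation.
otp_decrypt = otp_encrypt


def generate_key(length: int) -> bytes:
    """Fresh pad from the OS CSPRNG; each byte is (ideally) uniform."""
    return os.urandom(length)


def perfect_secrecy_holds(n_bits: int) -> bool:
    """Exhaustive check of perfect secrecy over n-bit messages.

    For every message m and ciphertext c there must be exactly one key k
    with m XOR k == c.  Then Pr[C = c | M = m] = 2**-n for every m, so the
    ciphertext distribution is independent of the message and even an
    attacker with unbounded computing power learns nothing from c.
    """
    space = range(2 ** n_bits)
    for m in space:
        for c in space:
            if sum(1 for k in space if m ^ k == c) != 1:
                return False
    return True


def key_reuse_leak(m1: bytes, m2: bytes, key: bytes) -> bytes:
    """Why the pad is used once: c1 XOR c2 == m1 XOR m2, computable
    without the key, so knowledge of either message exposes the other.
    Returns m1 XOR m2 derived purely from the two ciphertexts."""
    c1, c2 = otp_encrypt(m1, key), otp_encrypt(m2, key)
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    msg = b"meet at noon"  # constructed sample plaintext
    key = generate_key(len(msg))
    assert otp_decrypt(otp_encrypt(msg, key), key) == msg
    print("perfect secrecy over 4-bit messages:", perfect_secrecy_holds(4))
```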

The current focus of our work (though not exclusively) is the authenticity of information: deriving information-theoretic bounds on the performance of authentication systems, and constructing optimal and sub-optimal systems that, respectively, achieve those bounds and provide provable security at acceptable cost. We consider strong attack models, such as an adversary with oracle access, and new scenarios motivated by recent applications, such as authentication of fuzzy data.

Computational Security

In cryptography, security systems are defined in terms of their required security properties (e.g. anonymity of voters in an electronic voting system) and what the adversary can do in the system (e.g. voting authorities colluding to find out the vote of an individual). In systems with provable security it is shown that a successful attack is not possible. In computationally secure systems this means that a successful attacker in the system can also break another system that is known (i.e. proved in its own right) to be secure, or solve a mathematical problem that is widely believed, though unproved, to be hard (e.g., factorize a large number or extract a discrete logarithm).

Proofs in the computational security framework are asymptotic and, though sufficient for feasibility results, have to be refined further into an exact or concrete security approach. This refinement allows key sizes to be quantified in terms of the adversary's power.

Some of our recent work includes the design of signature and authentication systems with special properties, privacy-protecting credential systems, cryptographic support for group and collaborative work, and cryptographic support for secure content distribution.

At ISPIA, we analyze the mathematical and computational hardness of number theoretic problems that provide computational security for public key cryptography, and develop algorithms for solving these problems. We use ISPIA's Advanced Cryptography Laboratory’s Beowulf cluster to model a potential adversary’s computational power, conducting very large-scale numerical experiments. The data thus acquired lead to a better understanding of the computational hardness of a given problem and aid in accurately determining parameter sizes that are sufficiently large to ensure safe use of discrete logarithm based cryptographic schemes.

Quantum Cryptography

Quantum key distribution enables two parties to share a secret key that is information-theoretically secure. The key can be used in a cryptographic algorithm such as a one-time pad to provide perfect secrecy for communication between a sender and a receiver. The importance of Quantum Cryptography (QC) for the future of ICT has been recognized worldwide, and the first commercial systems have been available for some years. However, current systems are limited: they have low secret key rates, their integration into next-generation security architecture is still at an early stage, and the quantum technology required for quantum-secured communication over distances of more than 100 km remains to be developed.

Canada cannot expect to import working QC systems due to trade restrictions, nor can imported technology be fully trusted because of the risk of “backdoor” information leakage.

Our work focuses on:

  • the building of point-to-point QC links over optical fibres with unprecedented secret key rates for distances of up to 100 km.
  • the integration of point-to-point QC links with high-security encoding protocols and into existing (tele-)communication networks.
  • basic research into building a quantum relay and repeater to extend QC across Alberta and ultimately across the nation.

The link between the Institute for Quantum Information Science, the ATIPS laboratory, the Southern Alberta Institute of Technology, and General Dynamics Canada will ensure that scientific and engineering faculties, institutes of technology and industry join forces for the integration of QC into next-generation communication-security architectures.