UPGRADE: Vol. V, Issue no. 6, December 2004 (The Keys of Cryptography)

Presentation
Cryptography: The Key for Information Security in The 21st Century [HTML] [PDF: 3 pages, 161 KB]
(includes a list of Useful References for those interested in knowing more about matters related to Software Agents.)
Arturo Ribagorda-Garnacho, Javier Areitio-Bertolín, and Jacques Stern - Guest Editors
Abstract: The guest editors present the monograph and briefly introduce the papers it consists of.

Graphic Cryptosystem Using Memory Cellular Automata [PDF: 3 pages, 548 KB]
Luis Hernández-Encinas, Ascensión Hernández-Encinas, Sara Hoya-White, Ángel Martín del Rey, and Gerardo Rodríguez-Sánchez
Abstract: In this paper, we introduce a new graphic cryptosystem based on reversible memory cellular automata. Its main feature is that the original image and the cipher image are defined by the same palette of colours and that the recovered image is identical to the original one; in other words, there is no loss of resolution. Furthermore, the proposed cryptosystem is proven to be secure against brute force attacks, statistical attacks and chosen-plaintext attacks.

Towards A Computer-Based Training Tool for Education in Cryptography [PDF: 6 pages, 181 KB]
Vasilios Katos, Terry King, and Carl Adams
Abstract: This paper discusses the requirements of a computer based learning tool specialised in supporting education in the discipline of cryptography. In order to consider a computer based e-learning environment, a roleplaying, problem-based approach to cryptography related scenarios was adopted. A number of scenarios
presented in this paper were used for analysing the requirements and for identifying attributes of the specialised e-learning environment that can support simulation of cryptographic activity on a protocol level. These attributes in turn would form the basis of a tool set to role-play different scenarios of communicating within the presence of adversaries. The role-play activity helps to develop an appreciation of the need for cryptography and an understanding of different cryptographic techniques. The role-play activity is particularly appropriate for enabling an understanding of protocol failures.

Arturo Ribagorda-Garnacho is a Telecommunications Engineer from the Universidad Politécnica de Madrid, Spain, and a Doctor of Computer Science from the same university. Currently he is a Full Professor and Head of the Computer Science Department of the Universidad Carlos III de Madrid of whose Higher Politecnic School (Escuela Politécnica Superior) he has also been the Director. His academic activity is centred around information technologies security, a field in which he has participated in several national and European research projects, and about which he has published more than 100 articles in national and international journals and presented a great many conference papers. He has also authored four books on the abovementioned topics. <arturo AT inf DOT uc3m DOT es>

Javier Areitio-Bertolín is PhD in Applied Physics from the Universidad del País Vasco, Spain. Full Professor in the Department of Telecommunications, Higher Technical School of Engineering, Universidad de Deusto, Spain. Head of the Networks and Systems Research Group. He is a member of CORDIS (Community
Research and Development Information Service) European Commission. He has been that technical coordinator of COMMETT “Information and Computer Security Project” (ICS/EU) and tutor for the AECI (Spanish Agency for International Cooperation). His main research field is security-cryptography in ICTs (Information and Communications Technologies), a field in which he has worked on numerous national and international research projects. He is a frequent speaker, moderator and evaluator at conferences, seminars and symposia, and he has authored many scientific articles in technical journals. He is the author of several technical books on security in computer networks, cryptography-cryptanalysis. He currently coordinates a number of applied projects in this field in collaboration with various Spanish companies and European universities. He is a member of several Spanish and international professional associations, such as ATI, where he is co-editor of the technical section “Security” of the journal Novática. <jareitio AT eside DOT deusto DOT es>

Jacques Stern got his PhD at the École Normale Supérieure de Paris, France, where, after a long teaching career in several universities, he is now Professor, since 1992, and Head of the Computer Science Laboratory, since 1996. He is an expert in Cryptography and has authored over one hundred papers, having been awarded ten
patents. He was Chair of the Program Committee of Eurocrypt 99 and guest speaker at Eurocrypt 03. He has also been a consultant for several companies and organizations. His current research intererst are in the following areas: Complexity theory (Interactive proofs and NP-complete problems), public key encryption, conventional block ciphers, cryptographic protocols, cryptanalysis, coding theory and error-correction, signatures, authentication and access control, and smart cards applications. He is a member of several consultative bodies of the French government, as well as Chevalier de la Legion d'honneur, and was awarded the Prix Lazare Carnot 2003 by the French Academy of Sciences <Jacques DOT Stern AT ens DOT fr>

UPENET (UPGRADE European NETwork) [PDF: 14 pages, 347 KB]

Data Warehousing
Transaction Concepts for Data Warehouses
Bartosz Bebel, Robert Wrembel, and Zbyszko Królikowski

This paper was first published, in English, by Pro Dialog (issue no. 18, 2004, pp. 143–149). Pro Dialog, a founding member of UPENET, is a journal copublished, in Polish or English, by the Polish CEPIS society PTI-PIPS (Polskie Towarzystwo Informatyczne – Polish Information Processing Society) and the Poznan University of Technology, Institute of Computing Science.

Abstract: A data warehouse (DW) is a repository of data acquired from external, autonomous and often heterogeneous data sources. DW provides information for analytical and decision-support processing. External data sources (EDSs) change over time, independently of a DW. To keep up with changes in EDSs, DW needs to be periodically synchronized with EDSs. This process is called DW refreshing process. Various anomalies can affect DW refreshing process, leading to DW data inconsistency. Paper presents the idea of utilization transaction concept in process of refreshing a data warehouse with versioning capabilities.

Web Services
A Reasoned Introduction to The Web Services World
Barbara Pernici and Pierluigi Plebani
This paper was first published, in its original Italian version, under the title “Un’introduzione ragionata al mondo dei web service”, by Mondo Digitale (issue no. 9, March 2004, pp. 15-26). Mondo Digitale, a founding member of UPENET, is the digital journal of the CEPIS Italian Society AICA (Associazione Italiana per l'Informatica ed il Calcolo Automatico).

Abstract: Service Oriented Computing is an ICT revolution which has Web Services technology as its most common instantiation. In this context the Web is not only a way to exchange information, but it can also be considered as a huge information system, in which a large number of services are available. This article presents an overview of Web Services, the technologies currently involved, and the open problems that the research community is dealing with.

History of Informatics
Conversations on the History of Informatics - An Interview with Niklaus Wirth
By Ann Dünki
This interview was first published, in English, by OCG Journal (issue 5/2004, December 29, pp. 22–23). OCG Journal, a founding member of UPENET, is the bimonthly journal and magazine of the Austrian CEPIS society OCG (Österreichische Computer Gesellschaft).

Abstract: Informatics is a young science and during the first decades computing scientists were too busy with the basics to have time for reflections. Informatics seems now to come to its adolescence. It is getting more and more independent from its many parents such as mathematics, systems theory, electronics and even economy, and it starts to pose questions concerning its roots, its deeper sense, and its role in the society – in short, it starts to concern itself with its own history. However, while many agree that such a history is important, few agree on what informatics is and how its history should be investigated. Therefore, the OCG (Austrian Computer Society) and ÖGIG (Austrian Society for History of Informatics) have decided to conduct a series of interviews with outstanding computing scientists, asking for their views on both the general issue of history of informatics and for their personal reflections on both the past and the future role of informatics in our society.

Cryptography is nowadays a very important and lively subject, which may seem unusual given that it is also a very ancient discipline. Furthermore, cryptography is a wide reaching subject, embracing all the different facets and aspects included in what we know today as Information Security. To illustrate the diversity and dynamism of this field, we have chosen a variety of articles which should, in our opinion, be of great value to readers of UPGRADE.

The article that opens this monographic (“Cryptography: A Brief Overview”, authored by Arturo Ribagorda-Garnacho and Javier Areitio-Bertolín) is a short introduction about the matter. Immediately afterwards, the paper “An Anonymous Communication Channel”, by Joan Mir-Rubio, Joan Borrell-Viader and Vanesa Daza-Fernández, deals with an underlying problem that arises when using the Internet as a communication channel: the lack of anonymity, an issue which is generating an increasing lack of confidence over the Internet, and on this subject, the authors present a very elegant and at the sametime robust solution. In “Escrowing Outgoing and Incoming Messages”, Mónica Breitman-Mansilla, Carlos Gete-Alonso, Paz Morillo-Bosch and Jorge L. Villar-Santos study and propose solutions to yet another red-hot issue in modern cryptography: the custody of keys used in secret-key cryptosystems. Meanwhile, Slobodan Petrovic and Amparo Fúster-Sabater present, in “Clock Control Sequence Reconstruction for Irregularly Clocked Generators”, a new attack on a very common type of stream ciphers, those controlled by linear feedback shift registers.

Also, image ciphering algorithms, a topic scarcely even thought of a few years ago, has recently been attracting growing interest: Luis Hernández-Encinas, Ascensión Hernández-Encinas, Sara Hoya-White, Ángel Martín del Rey and Gerardo Rodríguez-Sánchez examine this subject in their paper “Graphic Cryptosystem Using Memory Cellular Automata” and describe a new system that sidesteps the disadvantages of previous methods. The following article, “Elliptic CurveCryptography Applications”, written by María de Miguel-de Santos, Carmen Sánchez-Ávila and Raúl Sánchez-Reillo, describes the differences between elliptic curve ciphers and other more common ciphers based on integer factorisation or the discrete logarithm and conclude that elliptic curves ciphers are more adequate when working on systems with a low level of resources. Next comes “Towards A Computer-Based Training Tool for Education in Cryptography”, where Vasilios Katos, Terry King and Carl Adams present an automated tool to learn cryptography which aims to provide readers with a complete and succinct overview of the subject’s many aspects. The article “Towards A Scientific Analysis of Robust Critical Infrastructures” deals with security, of which cryptography is the most important pillar; in this paper, Yvo Desmedt carries out an in depth model based study to identify critical infrastructures in today’s modern societies and the possible attacks against them.

To close this presentation we would like to express our thanks to the editors of UPGRADE and Novática for giving us the opportunity to guest edit this monograph, which we hope will be useful for readers of both journals.

Translation by Almudena Galán

Useful References about Cryptography

These references, combined with those included in the papers this monograph consists of, enlarge the field of Cryptography for readers interested in knowing more about this matter.

Books

I. Blake, G. Seroussi, and N. Smart. Advances in Elliptic Curve Cryptography: Further Topics v.2. Cambridge University Press, 2004.
K. Bruen. Encryption, Error-Correction and Information Theory for the 21st Century. John Wiley and Sons Inc., 2004.
N. Ferguson and B. Schneier. Practical Cryptography. John Wiley & Sons Ltd., 2003.
S. Katzenbeisser. User’s Guide to Cryptography and Standards. Artech House Publishers, 2004.
P. Gutmann. Design and Verification of a Cryptographic Security Architecture. Springer Verlag, 2003.
S. Levy. CRYPTO: How the Code Rebels Beat the Government. Saving Privacy in the Digital Age. Viking Press, 2001.
W. Mao. Modern Cryptography: Theory and Practice. Prentice-Hall. PTR, 2003.
M. McLoone, J. V. McCanny. System-On-Chip Architectures and Implementations for Private-Key Data Encryption. Plenum Pub Corp., 2004.
J. McNamara. Secrets of Computer Espionage: Tactics and Countermeasures. John Wiley & Sons Ltd., 2003.
H. X. Mel, D.M. Baker. Cryptography Decrypted. Addison-Wesley Publishing Company, 2000.
R. A. Mollin. RSA and Public-Key Cryptography. Chapman & Hall, 2002.
M. Y. Rhee. Internet Security: Cryptographic Principles, Algorithms and Protocols. John Wiley & Sons, 2003.
K. Schmeh. Cryptography and Public Key Infrastructure on the Internet. John Wiley & Sons Ltd., 2003.
B. Schneier. Applied Cryptography. Protocols, Algorithms and Source code in C. 2nd. edición, John Wiley, 1996.
R. J. Spillman. Classical and Contemporary Cryptology. Pearson Education, 2004.
W. Stallings. Cryptography and Network Security. Principles and practice. Prentice Hall, 1999.
J. Stern. La Science du Secret. Editions Odile Jacob, 2004.
P. Thorsteinson. NET Security and Cryptography. Prentice-Hall. PTR, 2003.

(An Important) Document

OECD Cryptography Policy Guidelines. <http://www.oecd.org/document/11/0,2340,en_2649_34255_1814731_1_1_1_1,00.html>.

Events

EuroCrypt2005, promoted by IARC (International Association for Cryptologic Research) and the University of Aarhus, Denmark. <http://www.brics.dk/eurocrypt05/>.
RECSI (Spanish Meeting on Cryptology and Information Security, Reunión Española sobre Criptología y Seguridad de la Información). <http://www.uc3m.es/recsi/> (in Spanish).
SECURMATICA (Congress on Security in Information and Communications Technologies, Congreso de Seguridad en Tecnologías de Información y Comunicaciones). <http://www.securmatica.com/> (in Spanish).

Web Sites

CERT y Seguridad. <http://www.rediris.es/cert> (in Spanish).
Columbia University, USA, cryptographic links. <http://www.columbia.edu/acis/rad/secure-server/crypto-policy-links.html>.
Computer Security Group, University of Cambridge, United Kingdom; resources on Cryptography, including Steganography. <http://www.cl.cam.ac.uk/Research/Security/>.
Cryptography and the Finance Industry. <http://www.financialcryptography.com/>.
CriptoRed (Iberoamerican Tematic Network on Cryptography and Information Security, Red Temática Iberoamericana de Criptografía y Seguridad de la Información). <http://www.criptored.upm.es/> (in Spanish).
COSIC (Computer Security and Industrial Cryptography). <http://www.esat.kuleuven.ac.be/>
EPIC (Electronic Privacy Information Center) Archive - International Cryptography Policy. <http://www.epic.org/crypto/intl/>.
IARC (International Association for Cryptologic Research), scientific research organization on Cryptography and related fields. <http://www.iacr.org>.
National Cryptologic Museum of NSA (National Security Agency), Maryland (USA). <http://www.nsa.gov/museum>.
PGP (Pretty Good Privacy), program developed by Phil Zimmerman in order to protect digital information, including e-mail. <http://www.pgpi.org>.
RSA Security, leading company in RSA cryptologic solutions. <http://www.rsasecurity.com/>.
SCSI (Service de Cryptografie et Securité Informatique, Université Libre de Bruxelles, Belgium). <http://www.ulb.ac.be/rech/inventaire/unites/ULB516.html>.
TF-CSIRT Task Force (European Programme TERENA). <http://www.terena.nl/tech/task-forces/tf-csirt/>.