Learning and Understanding Cryptology

by Emil SIMION

“Simion Stoilow” Institute of Mathematics of the Romanian Academy,
ROMANIA
esimion[at]fmi.unibuc.ro

Abstract: In our days, when we deal with the speed of information transition, we need efficient tools for learning and understanding in different sciences areas. These interactive tools are based on simulation and visual presentations. One of these tools is CrypTool, a software used in cryptology area (cryptography and cryptanalysis) developed by Siegen and Darmstadt universities and is based on open projects (e.g. OpenSSL, Miracl etc.). This paper will present some of the capabilities of Cryptool software.

About a Visual Secret Sharing Scheme

by Ruxandra-Florentina OLIMID

Faculty of Mathematics and Computer Science
University of Bucharest
ROMANIA
ruxandra.olimid[at]fmi.unibuc.ro

Abstract: The paper presents a VSS (Visual Secret Sharing Scheme) for sharing black-and-white secret images, providing perfect recovery of the initial picture when all participants cooperate and full secrecy for at most 2 cooperating participants. The construction of the scheme is based on the idea that the shares are represented by colored images constructed by using a random choice of pixel color, except some mandatory but easy to achieve constraints. One other advantage of the scheme is its simplicity exposure.

 

Lattice Problems in Cryptography

by Adela MIHAITA

Faculty of Mathematics and Computer Science
University of Bucharest,
ROMANIA
adela[at]funinf.cs.unibuc.ro

Abstract: Lattice-based cryptography has undergone rapid development in recent years and is very attractive due to the low asymptotic complexity and potential resistence to quantum computing attacks. This paper is intended to be a survey of the lattice problems which underlay many recent cryptographic schems, offering also some information on the computational complexity aspects of lattice problems and their use in cryptography.

Model Checking of Security Protocols in Casper-FDR2

by Cosmin CIURARU, Victor PATRICIU

Military Technical Academy
Romania
cosmin.ciuraru[at]gmail.com, vip[at]mta.ro

Abstract: Model checking [1], applied to hardware and [critical] software systems, as a way to reduce the costs, from an early designing phase, through important information provided for these systems in connection with their specifications, was also adopted for security protocols [2], to tackle complex designs issues and correct difficult-to-spot errors, a priori. There are several approaches and tools for model checking of security protocols, among these, we will use Casper [3], a compiler which simplifies protocols modeling in the CSP language [4], in order to analyze those protocols with the model checker FDR2 [5]. To depict such a process, we will take a protocol from the SET suite [6] [7] [8], used for securing electronic payments, formally checked already in [9], but with a different approach.

Vulnerability Minimization Model in Web Distributed Applications

by Ion IVAN, Dragos PALAGHITA, Sorin VINTURIS, Mihai DOINEA

Informatics Economic Department
Academy of Economic Studies Bucharest,
ROMANIA
ionivan[at]ase.ro, dpalaghita[at]gmail.com, sorin.vinturis[at]yahoo.com, mihai.doinea[at]ie.ase.ro

Abstract: The paper whishes to emphasize the importance of analyzing the vulnerabilities of a web distributed application in order to block malicious attacks and prevent possible damage inflicted to distributed systems. Types of vulnerabilities are analyzed with insights on the distributed aspects. An analysis of the main vulnerabilities of authentication process is made and a model for minimizing them is described. A risk analysis is conducted to reveal the importance of such approach.

A Hardware Implementation of AES

by Valeriu TOGAN, Mihai TOGAN, Adrian FLOAREA, Gigi BUDARIU

Military Technical Academy,
CertSIGN, Military Equipment and Technologies Research Agency
ROMANIA
valeriu.togan[at]gmail.com, mihai.togan[at]gmail.com, adrian.floarea[at]certsign.ro, bugidan2001[at]yahoo.com

Abstract: This paper presents a particular implementation of a hardware cryptographic accelerator using FPGA . The accelerator contains implementation of the AES encryption algorithm. The main challenge was to reach a high processing speed using parallelization operations for the algorithms and to use the scalability of the processing power provided by FPGA.

Cryptographic Applications Using FPGA Technology

by Alexandru COMAN, Radu FRATILA

Military Technical Academy,
ROMANIA
coman_alex_ionut[at]yahoo.com, rs2123[at]gmail.com

Abstract: Cryptographic systems have become a part of our daily life through the need of security of many common activities such as communication, payments, data transfers etc. The best support in design and implementation of cryptographic applications is offered by embedded systems such as ASICs and FPGAs. In the past few years, the increase in performance of FPGAs has made them key components in implementing cryptographic systems. One of the most important parts of the cryptographic systems is the random number generator used. Combinations of PRNG and TRNG are commonly used. A good and efficient TRNG implementation is very important and can be achieved through FPGA technology.

Digital Watermarking using Chaotic Sequences and Dynamic Keys

by Cristian-Gabriel Apostol, Cristian-Iulian Rincu, Safwan El-Assad

Military Electronic and Computer Science Systems, IREENA,
Military Technical Academy, École Polytechnique de I’Université de Nantes
Romania, France
crs.apostol[at]gmail.com, iulian.rincu[at]gmail.com,safwan.elassad[at]univ-nantes.fr

Abstract: Digital watermarking is an emerging multimedia security method that has been developed in recent times. It has two main applications: copyright protection and data integrity verification. In this paper we want to show that these applications can be combined with advanced chaotic sequences and dynamic keys in order to increase the security level. In the same time we will show how the two different applications of digital watermarking resist against attacks.

AES Encryption and Decryption Using Direct3D 10 API

by Adrina Marius CHIUTA

Cybernetics and Economic Informatics
Academy of Economic Studies,
ROMANIA
achiuta[at]tessera.com

Abstract: Current video cards (GPUs – Graphics Processing Units) are very programmable, have become much more powerful than the CPUs and they are very affordable. In this paper, we present an implementation for the AES algorithm using Direct3D 10 certified GPUs. The graphics API Direct3D 10 is the first version that allows the use of integer operations, making from the traditional GPUs (that works only with floating point numbers), General Purpose GPUs that can be used for a large number of algorithms, including encryption. We present the performance of the symmetric key encryption algorithm – AES, on a middle range GPU and on a middle range quad core CPU. On the testing system, the developed solution is almost 3 times faster on the GPU than on one single core CPU, showing that the GPU can perform as an efficient cryptographic accelerator.

Smart Cards Applications in the Healthcare System

by Claudiu OLTEAN

IT&C Security Master
Cybernetics and Economic Informatics, Bucharest Academy of Economic Studies,
ROMANIA
claudius83[at]gmail.com

Abstract: Current medical system based on medical records and health books is outdated and no longer meets the new requirements. Essential information security in terms of data privacy, integrity and authenticity, is not assured. Healthcare fraud with medical records is quite easy, because there is no security features to prevent this. Obtaining prescription drugs is slowly, the patient is forced in most cases, to go to the pharmacy staff to get their prescription. Another issue is data portability because each clinic can use a proprietary format of medical records, which is not always standardized. Modern and efficient healthcare system can be achieved by introducing smart cards and related software. Their introduction in addition to the portability and data security, reduce costs for both patient and medical institutions. The result will be increase confidence and patient satisfaction in medical institutions. Developed software package includes software applications which manage medical archive to smartcard, in a secure form and a software module which can be used for e-commerce transactions. All developed software application meets current standards for data security. Implementation of such solutions in practice would significantly reduce current costs in healthcare system.

Security Issues for the Subway Ticketing Systems using 2D Barcodes

by Cristian TOMA

Cybernetics and Economic Informatics Faculty
Academy of Economic Studies,
ROMANIA
cristian.toma[at]ie.ase.ro

Abstract: The paper presents a solution for endcoding/decoding access to the subway public transportation systems. First part of the paper is dedicated through section one and two to the most used 2D barcodes used in the market – QR and DataMatrix. The sample for DataMatrix is author propietary and the QR sample is from the QR standard [2]. The section three presents MMS and Digital Rights Management topics used for issuing the 2D barcodes tickets. The second part of the paper, starting with section four shows the architecture of Subway Ticketing Systems and the proposed procedure for the ticket issuing. The conclusions identify trends of the security topics in the public transportation systems.

Rootkits and Malicious Code Injection

by Marius VLAD

IT&C Security Master
Cybernetics, Statistics and Economic Informatics Faculty
Academy of Economic Studies,
ROMANIA
m3s0n3.l4[at]gmail.com

Abstract: Rootkits, are considered by many to be one of the most stealthy computer malware(malicious software) and pose significant threats. Hiding their presence and activities impose hijacking the control flow by altering data structures, or by using hooks in the kernel. As this can be achieved by loadable kernel code sections, this paper tries to explain common entry points into a Linux kernel and how to keep a persistent access to a compromised machine.

Security Issues in Streaming Server for Mobile Devices Development

by Dan BARBU

Cybernetics, Statistics and Economic Informatics Faculty
Academy of Economic Studies,
ROMANIA
danciprian.barbu[at]gmail.com

Abstract: The paper presents a solution for streaming audio and video content in IP networks using RTP and SIP protocols. Second Section presents multimedia format and compression for the audio content that is streamed by SS4MD. Streaming protocols are shown in third section. In the forth section there is an example of an application which does uses all above. Conclusions are contoured in the final chapter.

4G GAA Architecture for User to IMS Registration

by Cristina-Elena VINTILA

Bucharest, Romania
cristina.vintila[at]gmail.com

Abstract: Over the latest few years, most of the major telephony and services providers have got their attention on the LTE/SAE solution, in the attempt of getting the most bandwidth and features at the least implementation and operating price. One of the major challenges that 3GPP, the creator of LTE/SAE architecture, has faced is the IMS integration with SAE. The latest standard version available at this moment on IMS integration and its security challenges is [10], which is focused on 3G security aspects. When talking about IMS-SIP security, there are several studies that propose end-to-end security for a SIP conversation over EPS infrastructure.This paper reviews the GAA security architecture available in 3GPP for providing secure access to application services, with emphasis on the interaction of 4G-GAA and IMS components, being the first step in a larger 4G-IMS interaction study with regards to security.

Considerations about Red Teaming Usage in Assessing Information Assurance

by Adrian FURTUNA, Victor-Valeriu PATRICIU, Ion BICA

Computer Science Department
Military Technical Academy,
ROMANIA
adif2k8[at]gmail.com, vip[at]mta.ro, ibica[at]mta.ro

Abstract: Red Teaming is an advanced form of assessment that models and simulates adversary actions with the overall purpose of discovering target’s weaknesses and improving its defenses. Also known as ethical hacking, penetration testing or security assessment, Red Teaming of information systems offers reliable information about the effectiveness of defense mechanisms implemented. The paper presents the Red Teaming process from both perspectives: the client and the assessor, covering various aspects like: motivation, assessment types, client benefits, client risks, assessment planning, team organization, attack preparation, execution and reporting.

2D Barcode for DNA Encoding

by Elena PURCARU, Cristian TOMA

Bucharest General Medicine Faculty, Cybernetics and Economic Informatics Faculty
“Carol Davila” University of Medicine and Pharmacy, Academy of Economic Studies
ROMANIA
elena.purcaru[at]gmail.com, cristian.toma[at]ie.ase.ro

Abstract: The paper presents a solution for encoding/decoding DNA information in 2D barcodes. First part focuses on the existing techniques and symbologies in 2D barcodes field. The 2D barcode PDF417 is presented as starting point. The adaptations and optimizations on PDF417 and on DataMatrix lead to the solution – DNA2DBC – DeoxyriboNucleic Acid Two Dimensional Barcode. The second part shows the DNA2DBC encoding/decoding process step by step. In conclusions are enumerated the most important features of 2D barcode implementation for DNA.

Interoperability Issues for VPN IPsec Solutions

by Danalachi IULIAN, Mihai-Lucian PETRESCU

Military Technical Academy
ROMANIA
iulian.danalachi[at]gmail.com, mihai.petrescu[at]gmail.com

Abstract: An issue of testing that should be taken into consideration is the compatibility and interoperability of the IPsec components when implementing an IPsec solution. This article will guide us trough some key point introductive notions involved in the interoperability problem, we’ll see a short overview of some of these problems and afterwards we will discuss about some of the testing solutions of IPsec interoperability that we should take into consideration.

PKI Interoperability Based on Online Certificate Validation

by Dinu SMADU

Military Technical Academy,
ROMANIA
smadudinu[at]gmail.com

Abstract: One of the most important problems related to Public Key Infrastructures is the validation of the digital certificates. Certificate validation services can be based on offline and/or online schemes. Offline schemes have the major disadvantage that they cannot always give an up-to-date response. On the other side, the most used protocol for online validation, the Online Certificate Status Protocol[1], also has its drawbacks. It can only state if a certificate has been revoked or not. RFC 5055 [2] defines a more complex protocol, the Server-based Certificate Validation Protocol (SCVP),  capable of building and validating the certification path. To implement a basic functionality of this new protocol, we will start from an existing project, the CADDISK and we will try to implement an OpenSSL module.

Using OpenID for E-learning Applications

by Felician ALECU, Paul POCATILU1, George STOICA, Cristian CIUREA, Sergiu CAPISIZU

Economic Informatics Department,
Academy of Economic Studies, Bucharest,
ROMANIA
alecu.felician[at]ie.ase.ro, ppaul[at]ase.ro, george.stoica[at]pss.ro, cristian.ciurea[at]ie.ase.ro, capisizu[at]mb.euroweb.ro

Abstract: Complex distributed e-learning applications require special focus on security. Distributed e- learning applications have several modules user can access using different clients (desktop or mobile). The same user has several accounts with different credentials. Using OpenID standard for e-learning Web-based applications is a good solution since the users need to access various areas and modules of the application. This paper presents the main characteristics of OpenID standard and how this standard could be implemented for a distributed, Web-based, e-learning application.

Web Single Sign-On Implementation Using the SimpleSAMLphp Application

by Ionut ANDRONACHE, Claudiu NISIPASIU

Military Technical Academy,
ROMANIA
ionut.andro[at]gmail.com, claudiu.nisipasiu[at]gmail.com

Abstract: Web Single Sign-On is a feature offered by web applications that have a trust relationship, not necessarily within the same company. The goal of Web SSO is to provide authentication information for all the web application in the trust relationship, without requiring the user to login in each web application.  SAML 2.0 is the standard that defines the framework in order to achieve Web SSO and identity federation in a web context. In order to make a Web SSO implementation, we used the open-source SimpleSAMLphp library, which implements the standards of SAML 2.0 and provides functionality for the two scenarios: SAML – Service Provider and SAML – Identity Provider.

Legal and Practical Aspects on the Computer Science  Investigation

by Florin Cosmin TRANDAFIR

IT&C Security Master
Cybernetics and Economic Informatics Faculty, Bucharest,
ROMANIA
tfc_soft[at]yahoo.com

Abstract: The present article makes a short introduction in the legal and practical aspects of the computer science investigation. It is well known the fact that a computer can represent an invaluable source of pieces of evidence, both in the civil cases as well as in the criminal ones because it contains data regarding the activities carried out by the suspect with the help of the IT equipment.

Security of Password and Data Managers for Internet Browsers

by Catalin BOJA

Academy of Economic Studies, Bucharest
ROMANIA
catalin.boja[at]ie.ase.ro

Abstract: The paper analyses the security of the most used Internet browsers from the viewpoint of user data that is stored and recorded. Data recorded during different browsing sessions and by different password management functions it is considered sensitive data. The paper describes how the browser stores the sensitive data and how an attacker or a forensic analyst could access it. The results of this research are used to compare the security of the three most used browsers today from the viewpoint of their data and password management functions.

Quality Management of the IT Security Audit

by Marius POPA

Academy of Economic Studies,
Faculty of Cybernetics, Statistics and Economic Informatics,
ROMANIA
marius.popa[at]ase.ro

Abstract: As a method of management, quality management uses tools, method and techniques to improve quality of products, services or processes. IT security audit is a process to highlight the state of a system or process and it is used as tool by management to adjust and/or direct the organization’s strategies. The paper presents characteristics of the IT security audit processes, quality and total quality management, quality management system and issues of implementation the quality management during audit processes.

Hiding Malicious Content in PDF Documents

by Dan-Sabin POPESCU

Information Technology Security,
The Military Technical Academy,
ROMANIA
sabin.popescu[at]yahoo.com

Abstract: This paper is a proof-of-concept demonstration for a specific digital signatures vulnerability that shows the ineffectiveness of the WYSIWYS (What You See Is What You Sign) concept. The algorithm is fairly simple: the attacker generates a polymorphic file that has two different types of content (text, as a PDF document for example, and image: TIFF – two of the most widely used file formats). When the victim signs the dual content file, he/ she only sees a PDF document and is unaware of the hidden content inside the file. After obtaining the legally signed document from the victim, the attacker simply has to change the extension to the other file format. This will not invalidate the digital signature, as no bits were altered. The destructive potential of the attack is considerable, as the Portable Document Format (PDF) is widely used in e-government and in e-business contexts.

Information Security Standards

by Dan Constantin TOFAN

Academy of Economic Studies Bucharest,
ROMANIA
tofandan[at]yahoo.com

Abstract: The use of standards is unanimously accepted and gives the possibility of comparing a personal security system with a given frame of reference adopted at an international level. A good example is the ISO 9000 set of standards regarding the quality management system, which is a common reference regardless of the industry in which a certain company activates. Just like quality control standards for other industrial processes such as manufacturing and customer service, information security standards demonstrate in a methodical and certifiable manner that an organization conforms to industry best practices and procedures. This article offers a review of the world’s most used information security standards.