-
On PQC Migration and Crypto-Agility
Authors:
Alexander Wiesmaier,
Nouri Alnahawi,
Tobias Grasmeyer,
Julian Geißler,
Alexander Zeier,
Pia Bauspieß,
Andreas Heinemann
Abstract:
Besides the development of PQC algorithms, the actual migration of IT systems to such new schemes has to be considered, best by utilizing or establishing crypto-agility. Much work in this respect is currently conducted all over the world, making it hard to keep track of the many individual challenges and respective solutions that have been identified. In consequence, it is difficult to judge for b…
▽ More
Besides the development of PQC algorithms, the actual migration of IT systems to such new schemes has to be considered, best by utilizing or establishing crypto-agility. Much work in this respect is currently conducted all over the world, making it hard to keep track of the many individual challenges and respective solutions that have been identified. In consequence, it is difficult to judge for both individual application scenarios and on a global scale, whether all (known) challenges have been addressed respectively or what their current state is. We provide a literature survey and a snapshot of the discovered challenges and solutions categorized in different areas. We use this as starting point for a community project to keep track of the ongoing efforts and the state of the art in this field. Thereby we offer a single entry-point into the subject reflecting the current state in a timely manner.
△ Less
Submitted 17 June, 2021;
originally announced June 2021.
-
Zur Integration von Post-Quantum Verfahren in bestehende Softwareprodukte
Authors:
Alexander Zeier,
Alexander Wiesmaier,
Andreas Heinemann
Abstract:
Currently, PQC algorithms are being standardized to address the emerging threat to conventional asymmetric algorithms from quantum computing. These new algorithms must then be integrated into existing protocols, applications and infrastructures. Integration problems are to be expected, due to incompatibilities with existing standards and implementations on the one hand, but also due to a lack of k…
▽ More
Currently, PQC algorithms are being standardized to address the emerging threat to conventional asymmetric algorithms from quantum computing. These new algorithms must then be integrated into existing protocols, applications and infrastructures. Integration problems are to be expected, due to incompatibilities with existing standards and implementations on the one hand, but also due to a lack of knowledge among software developers about how to handle PQC algorithms. To illustrate incompatibilities, we integrate two different PQC algorithms into two different existing software products (the InboxPager email client for the Android OS and the TLS implementation of the Bouncy Castle crypto library). Here, we rely on the highly-abstract crypto library eUCRITE, which hides technical details about the correct usage of classical and PCQ algorithms and thus prevents some potential implementation errors.
△ Less
Submitted 30 January, 2021;
originally announced February 2021.
-
Zur Benutzbarkeit und Verwendung von API-Dokumentationen
Authors:
Rolf Huesmann,
Alexander Zeier,
Andreas Heinemann,
Alexander Wiesmaier
Abstract:
A good documentation is essential for a good usability of (security) APIs, i.e. especially for the correct use of the APIs. Requirements for good documentation of APIs have been described in several papers, but there is no technical implementation (hereinafter referred to as a documentation system) that implements these requirements. The requirements can be divided into requirements for the docume…
▽ More
A good documentation is essential for a good usability of (security) APIs, i.e. especially for the correct use of the APIs. Requirements for good documentation of APIs have been described in several papers, but there is no technical implementation (hereinafter referred to as a documentation system) that implements these requirements. The requirements can be divided into requirements for the documentation system and requirements for the documentation content. Out of 13 identified requirements for a documentation system itself, 9 were implemented in a prototype and evaluated in a user study with 22 test persons using a cryptographic API. It turned out that the implementation of the requirement 'Enable quick use of the API' depends on the one hand on the quality of the content entered, but on the other hand also includes 5 other requirements or their implementation. The two other implemented requirements ('classic reference' and 'question and answer function') were hardly or not at all used by the test persons. Their usefulness and relevance should be investigated in a long-term study.
△ Less
Submitted 10 July, 2020;
originally announced July 2020.
-
A Comparative Study of Data Storage and Processing Architectures for the Smart Grid
Authors:
Marıa Arenas-Martınez,
Sergio Herrero-Lopez,
Abel Sanchez,
John R. Williams,
Paul Roth,
Paul Hofmann,
Alexander Zeier
Abstract:
A number of governments and organizations around the world agree that the first step to address national and international problems such as energy independence, global warming or emergency resilience, is the redesign of electricity networks, known as Smart Grids. Typically, power grids have broadcast power from generation plants to large population of consumers on a sub-optimal way. Nevertheless,…
▽ More
A number of governments and organizations around the world agree that the first step to address national and international problems such as energy independence, global warming or emergency resilience, is the redesign of electricity networks, known as Smart Grids. Typically, power grids have broadcast power from generation plants to large population of consumers on a sub-optimal way. Nevertheless, the fusion of energy delivery networks and digital information networks, along with the introduction of intelligent monitoring systems (Smart Meters) and renewable energies, would enable two-way electricity trading relationships between electricity suppliers and electricity consumers. The availability of real-time information on electricity demand and pricing, would enable suppliers optimizing their delivery systems, while consumers would have the means to minimize their bill by turning on appliances at off-peak hours. The construction of the Smart Grid entails the design and deployment of information networks and systems of unprecedented requirements on storage, real-time event processing and availability. In this paper, a series of system architectures to store and process Smart Meter reading data are explored and compared aiming to establish a solid foundation in which future intelligent systems could be supported.
△ Less
Submitted 3 June, 2020;
originally announced June 2020.
-
Design and Implementation Aspects of Mobile Derived Identities
Authors:
Daniel Träder,
Alexander Zeier,
Andreas Heinemann
Abstract:
With the ongoing digitalisation of our everyday tasks, more and more eGovernment services make it possible for citizens to take care of their administrative obligations online. This type of services requires a certain assurance level for user authentication. To meet these requirements, a digital identity issued to the citizen is essential. Nowadays, due to the widespread use of smartphones, mobile…
▽ More
With the ongoing digitalisation of our everyday tasks, more and more eGovernment services make it possible for citizens to take care of their administrative obligations online. This type of services requires a certain assurance level for user authentication. To meet these requirements, a digital identity issued to the citizen is essential. Nowadays, due to the widespread use of smartphones, mobile user authentication is often favoured. This naturally supports two-factor authentication schemes (2FA). We use the term mobile derived identity to stress two aspects: a) the identity is enabled for mobile usage and b) the identity is somehow derived from a physical or digital proof of identity. This work reviews 21 systems that support mobile derived identities. One subset of the considered systems is already in place (public or private sector in Europe), another subset is subject to research. Our goal is to identify prevalent design and implementation aspects for these systems in order to gain a better understanding on best practises and common views on mobile derived identities. We found, that research prefers storing identity data on the mobile device itself whereas real world systems usually rely on cloud storage. 2FA is common in both worlds, however biometrics as second factor is the exception.
△ Less
Submitted 20 July, 2017;
originally announced July 2017.
-
Fast Updates on Read-Optimized Databases Using Multi-Core CPUs
Authors:
Jens Krueger,
Changkyu Kim,
Martin Grund,
Nadathur Satish,
David Schwalb,
Jatin Chhugani,
Hasso Plattner,
Pradeep Dubey,
Alexander Zeier
Abstract:
Read-optimized columnar databases use differential updates to handle writes by maintaining a separate write-optimized delta partition which is periodically merged with the read-optimized and compressed main partition. This merge process introduces significant overheads and unacceptable downtimes in update intensive systems, aspiring to combine transactional and analytical workloads into one system…
▽ More
Read-optimized columnar databases use differential updates to handle writes by maintaining a separate write-optimized delta partition which is periodically merged with the read-optimized and compressed main partition. This merge process introduces significant overheads and unacceptable downtimes in update intensive systems, aspiring to combine transactional and analytical workloads into one system. In the first part of the paper, we report data analyses of 12 SAP Business Suite customer systems. In the second half, we present an optimized merge process reducing the merge overhead of current systems by a factor of 30. Our linear-time merge algorithm exploits the underlying high compute and bandwidth resources of modern multi-core CPUs with architecture-aware optimizations and efficient parallelization. This enables compressed in-memory column stores to handle the transactional update rate required by enterprise applications, while keeping properties of read-optimized databases for analytic-style queries.
△ Less
Submitted 30 September, 2011;
originally announced September 2011.
