54 research outputs found
High-rate quantum cryptography in untrusted networks
We extend the field of continuous-variable quantum cryptography to a network
formulation where two honest parties connect to an untrusted relay by insecure
quantum links. To generate secret correlations, they transmit coherent states
to the relay where a continuous-variable Bell detection is performed and the
outcome broadcast. Even though the detection could be fully corrupted and the
links subject to optimal coherent attacks, the honest parties can still extract
a secret key, achieving high rates when the relay is proximal to one party, as
typical in public networks with access points or proxy servers. Our theory is
confirmed by an experiment generating key-rates which are orders of magnitude
higher than those achievable with discrete-variable protocols. Thus, using the
cheapest possible quantum resources, we experimentally show the possibility of
high-rate quantum key distribution in network topologies where direct links are
missing between end-users and intermediate relays cannot be trusted.
Comment: Theory and Experiment. Main article (6 pages) plus Supplementary
Information (additional 13 pages
M-SCTP: Design and Prototypical Implementation of an SCTP-Based, End-to-End Mobility Concept for IP Networks
A Cautionary Note Regarding the Data Integrity Capacity of Certain Secure Systems
The need to provide standard commercial-grade productivity applications as the general purpose user interface to high-assurance data processing environments is compelling, and has resulted in proposals for several different types of "trusted" systems. We characterize some of these systems as a class of architecture. We discuss the general integrity property that systems can only be trusted to manage modifiable data whose integrity is at or below that of their interface components. One effect of this property is that in terms of integrity these hybrid-security systems are only applicable to processing environments where the integrity of data is consistent with that of low-assurance software. Several examples are provided of hybrid-security systems subject to these limitations.
Approved for public release; distribution is unlimited
A Flexible and Dynamic Access Control Policy Framework for an Active Networking Environment
To provide security for active networking nodes with respect to availability and controlled access, the introduction of an access control mechanism and consequently a policy framework is mandatory. We follow the approach of a scenario-tailored runtime supervision of the service. During the development of the access control mechanism we focused strongly on keeping the mechanism as efficient as possible and on realizing a modular design that allows the mechanism to be dynamically upgraded and configured using the active networking technology itself, while at the same time ensuring that mandatory security checks cannot be circumvented. Each service has to pass initial checks before it can be executed on an active node. Furthermore, service-specific adaptive criteria can also be included in the initial check
- …
