OSTI.GOV, U.S. Department of Energy, Office of Scientific and Technical Information

Title: Novel Authentication of Monitoring Data Through the use of Secret and Public Cryptographic Keys

Abstract

The Office of Nuclear Verification (ONV) is supporting the development of a device that provides data authentication and protection for a suite of monitoring sensors, as part of a larger effort to create an arms control technology toolkit. This device, currently called the Red Box, combines the strengths of secret (symmetric) and public (asymmetric) cryptographic keys to authenticate, digitally sign, and pass along monitoring data. This allows the host to review the data, and redact it if necessary, without the monitoring party losing confidence in the authenticity of the data. The Red Box design allows monitoring equipment to be added and removed, and the device verifies that the data was collected by authentic monitoring equipment before signing it and sending it to the host for review. The host then forwards the data to the monitor for review and inspection. This paper highlights the progress to date of the Red Box development and explains the novel method of combining symmetric and asymmetric cryptography to authenticate data within a warhead monitoring regime.
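The abstract names the pattern (a per-sensor secret key proves a record came from enrolled equipment; a device-level public-key signature lets the host and the monitor verify what the Red Box released) but does not describe the construction. The Go program below is an added illustration, not PNNL's Red Box code, of one way the two key types can be combined so that host redaction and monitor verification coexist. Everything specific in it is an assumption made for the example: HMAC-SHA256 as the sensor MAC, Ed25519 as the Red Box signature, one signature per record so that withholding whole records leaves the rest verifiable, per-sensor sequence numbers so the monitor can count what was withheld, and the sensor identifiers and secrets, which are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Record is one sensor reading. SensorID and Seq are bound into both the MAC
// and the signature, so a record cannot be re-attributed or reordered unnoticed.
type Record struct {
	SensorID string
	Seq      uint64
	Payload  []byte
}

// SignedRecord is what the Red Box releases to the host: the record plus the Red
// Box's Ed25519 signature. The sensor's HMAC tag is not forwarded, so nothing
// derived from the sensor secret leaves the Red Box.
type SignedRecord struct {
	Record
	Sig []byte
}

var (
	ErrUnknownSensor = errors.New("record claims a sensor that is not enrolled")
	ErrBadTag        = errors.New("sensor HMAC does not verify")
	ErrBadSignature  = errors.New("Red Box signature does not verify")
	ErrSequence      = errors.New("sequence number repeated or out of order")
)

// canonical serialises a record with length-prefixed fields so that no two
// distinct records yield the same bytes for the MAC or the signature.
func canonical(r Record) []byte {
	b := binary.BigEndian.AppendUint32(nil, uint32(len(r.SensorID)))
	b = append(b, r.SensorID...)
	b = binary.BigEndian.AppendUint64(b, r.Seq)
	b = binary.BigEndian.AppendUint32(b, uint32(len(r.Payload)))
	return append(b, r.Payload...)
}

// SensorTag runs on the sensor: HMAC-SHA256 over the record under the secret the
// sensor shares only with the Red Box (the symmetric half of the design).
func SensorTag(sensorKey []byte, r Record) []byte {
	m := hmac.New(sha256.New, sensorKey)
	m.Write(canonical(r))
	return m.Sum(nil)
}

// RedBox holds one shared secret per enrolled sensor plus its own signing key;
// adding or removing monitoring equipment is adding or deleting a map entry.
type RedBox struct {
	sensorKeys map[string][]byte
	priv       ed25519.PrivateKey
	Pub        ed25519.PublicKey // handed to the monitoring party out of band
}

func NewRedBox(sensorKeys map[string][]byte) (*RedBox, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &RedBox{sensorKeys: sensorKeys, priv: priv, Pub: pub}, nil
}

// Process verifies the sensor tag (proof the record came from enrolled equipment)
// and only then signs the record (the asymmetric half); it never signs blind.
func (rb *RedBox) Process(r Record, tag []byte) (SignedRecord, error) {
	key, ok := rb.sensorKeys[r.SensorID]
	if !ok {
		return SignedRecord{}, ErrUnknownSensor
	}
	if !hmac.Equal(SensorTag(key, r), tag) { // constant-time comparison
		return SignedRecord{}, ErrBadTag
	}
	return SignedRecord{Record: r, Sig: ed25519.Sign(rb.priv, canonical(r))}, nil
}

// MonitorVerify is the monitoring party's check on whatever the host released:
// every record needs a valid Red Box signature and Seq must strictly increase per
// sensor. It returns the number of records verified (on error, the index of the
// offending record) and, per sensor, how many Seq values are missing between the
// released records, i.e. how many whole records the host withheld.
func MonitorVerify(pub ed25519.PublicKey, recs []SignedRecord) (int, map[string]uint64, error) {
	gaps, last := map[string]uint64{}, map[string]uint64{}
	for i, sr := range recs {
		if !ed25519.Verify(pub, canonical(sr.Record), sr.Sig) {
			return i, gaps, ErrBadSignature
		}
		if prev, seen := last[sr.SensorID]; seen {
			if sr.Seq <= prev {
				return i, gaps, ErrSequence
			}
			gaps[sr.SensorID] += sr.Seq - prev - 1
		}
		last[sr.SensorID] = sr.Seq
	}
	return len(recs), gaps, nil
}
```

The flow is: enrol the sensor keys in NewRedBox, tag each Record with SensorTag on the sensor side, pass record and tag through Process, let the host release any subset to MonitorVerify. The split does the work the abstract describes: the sensor secret proves origin only to the Red Box and is never forwarded, so the host's copy of the data gives no way to forge a record, while the public key lets the monitoring party verify without holding any secret. Redaction is by omission only; the sequence gap tells the monitor how much was withheld, and an edited or replayed record fails verification. Where the Red Box's private key lives, how sensors are enrolled and how the monitor obtains the public key are deployment questions this abstract does not settle, and the example does not try to.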

Authors:
Benz, Jacob M.; Tolk, Keith; Tanner, Jennifer E.
Publication Date:
2014-07-21
Research Org.:
Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1236934
Report Number(s):
PNNL-SA-103814
NN4011010
DOE Contract Number:
AC05-76RL01830
Resource Type:
Conference
Resource Relation:
Conference: 55th Annual Meeting of the Institute of Nuclear Materials Management (INMM 2014), July 20-24, 2014, Atlanta, Georgia, 1:537-543
Country of Publication:
United States
Language:
English

Citation Formats

Benz, Jacob M., Tolk, Keith, and Tanner, Jennifer E. Novel Authentication of Monitoring Data Through the use of Secret and Public Cryptographic Keys. United States: N. p., 2014. Web.
Benz, Jacob M., Tolk, Keith, & Tanner, Jennifer E. Novel Authentication of Monitoring Data Through the use of Secret and Public Cryptographic Keys. United States.
Benz, Jacob M., Tolk, Keith, and Tanner, Jennifer E. 2014. "Novel Authentication of Monitoring Data Through the use of Secret and Public Cryptographic Keys". United States.
@inproceedings{osti_1236934,
title = {Novel Authentication of Monitoring Data Through the use of Secret and Public Cryptographic Keys},
author = {Benz, Jacob M. and Tolk, Keith and Tanner, Jennifer E.},
abstractNote = {The Office of Nuclear Verification (ONV) is supporting the development of a device that provides data authentication and protection for a suite of monitoring sensors, as part of a larger effort to create an arms control technology toolkit. This device, currently called the Red Box, combines the strengths of secret (symmetric) and public (asymmetric) cryptographic keys to authenticate, digitally sign, and pass along monitoring data. This allows the host to review the data, and redact it if necessary, without the monitoring party losing confidence in the authenticity of the data. The Red Box design allows monitoring equipment to be added and removed, and the device verifies that the data was collected by authentic monitoring equipment before signing it and sending it to the host for review. The host then forwards the data to the monitor for review and inspection. This paper highlights the progress to date of the Red Box development and explains the novel method of combining symmetric and asymmetric cryptography to authenticate data within a warhead monitoring regime.},
booktitle = {55th Annual Meeting of the Institute of Nuclear Materials Management (INMM 2014)},
address = {Atlanta, Georgia},
volume = {1},
pages = {537--543},
number = {PNNL-SA-103814},
place = {United States},
year = {2014},
month = jul
}

Availability:
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.

Similar Records:
  • To ensure the peaceful intent for production and processing of nuclear fuel, verifiable process monitoring of the fuel production cycle is required. As part of a U.S. Department of Energy (DOE)-EURATOM collaboration in the field of international nuclear safeguards, the DOE Sandia National Laboratories (SNL), the European Commission Joint Research Centre (JRC) and Directorate General-Energy (DG-ENER) developed and demonstrated a new concept in process monitoring, enabling the use of operator process information by branching a second, authenticated data stream to the Safeguards inspectorate. This information would be complementary to independent safeguards data, improving the understanding of the plant's operation. The concept is called the Enhanced Data Authentication System (EDAS). EDAS transparently captures, authenticates, and encrypts communication data that is transmitted between operator control computers and connected analytical equipment utilized in nuclear processes controls. The intent is to capture information as close to the sensor point as possible to assure the highest possible confidence in the branched data. Data must be collected transparently by the EDAS: operator processes should not be altered or disrupted by the insertion of the EDAS as a monitoring system for safeguards. EDAS employs public key authentication providing 'jointly verifiable' data and private key encryption for confidentiality. Timestamps and data source are also added to the collected data for analysis. The core of the system hardware is in a security enclosure with both active and passive tamper indication. Further, the system has the ability to monitor seals or other security devices in close proximity. This paper will discuss the EDAS concept, recent technical developments, intended application philosophy and the planned future progression of this system.
  • Methods to generate private keys based on wireless channel characteristics have been proposed as an alternative to standard key-management schemes. In this work, we discuss past work in the field and offer a generalized scheme for the generation of private keys using uncorrelated channels in multiple domains. Proposed cognitive enhancements measure channel characteristics, to dynamically change transmission and reception parameters as well as estimate private key randomness and expiration times. Finally, results are presented on the implementation of a system for the generation of private keys for cryptographic communications using channel impulse-response estimation at 60 GHz. The testbed is composed of commercial millimeter-wave VubIQ transceivers, laboratory equipment, and software implemented in MATLAB. Novel cognitive enhancements are demonstrated, using channel estimation to dynamically change system parameters and estimate cryptographic key strength. We show for a complex channel that secret key generation can be accomplished on the order of 100 kb/s.
  • A public-key Treaty Data Authentication Module (TDAM) based on the National Institute of Standards and Technology (NIST) Digital Signature Standard (DSS) has been developed to support treaty verification systems. The TDAM utilizes the Motorola DSP56001 Digital Signal Processor as a coprocessor and supports both the STD Bus and PC-AT Bus platforms. The TDAM is embedded within an Authenticated Data Communication Subsystem (ADCS) which provides transparent data authentication and communications, thereby concealing the details of securely authenticating and communicating compliance data and commands. The TDAM has been designed according to the NIST security guidelines for cryptographic modules. Public-key data authentication is important for support of both bilateral and multi-lateral treaties. 8 refs.