skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Key Management Strategies for Safeguards Authentication and Encryption.


Abstract not provided.

; ; ;
Publication Date:
Research Org.:
Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
Sponsoring Org.:
USDOE National Nuclear Security Administration (NNSA), Office of Defense Nuclear Nonproliferation (NA-20)
OSTI Identifier:
Report Number(s):
DOE Contract Number:
Resource Type:
Resource Relation:
Conference: Proposed for presentation at the IAEA Symposium on International Safeguards held October 19-24, 2014 in Vienna, Austria.
Country of Publication:
United States

Citation Formats

Coram, Michael, Hymel, Ross W, Brotz, Jay Kristoffer, and McDaniel, Michael. Key Management Strategies for Safeguards Authentication and Encryption.. United States: N. p., 2014. Web.
Coram, Michael, Hymel, Ross W, Brotz, Jay Kristoffer, & McDaniel, Michael. Key Management Strategies for Safeguards Authentication and Encryption.. United States.
Coram, Michael, Hymel, Ross W, Brotz, Jay Kristoffer, and McDaniel, Michael. Mon . "Key Management Strategies for Safeguards Authentication and Encryption.". United States. doi:.
title = {Key Management Strategies for Safeguards Authentication and Encryption.},
author = {Coram, Michael and Hymel, Ross W and Brotz, Jay Kristoffer and McDaniel, Michael},
abstractNote = {Abstract not provided.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = {Mon Sep 01 00:00:00 EDT 2014},
month = {Mon Sep 01 00:00:00 EDT 2014}

Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.

Save / Share:
  • Symmetric end-to-end encryption requires separate keys for each pair of communicating confidants. This is a problem of Order N{sup 2}. Other factors, such as multiple sessions per pair of confidants and multiple encryption points in the ISO Reference Model complicate key management by linear factors. Public-key encryption can reduce the number of keys managed to a linear problem which is good for scaleability of key management, but comes with complicating issues and performance penalties. Authenticity is the primary ingredient of key management. If each potential pair of communicating confidants can authenticate data from each other, then any number of publicmore » encryption keys of any type can be communicated with requisite integrity. These public encryption keys can be used with the corresponding private keys to exchange symmetric cryptovariables for high data rate privacy protection. The Digital Signature Standard (DSS), which has been adopted by the United States Government, has both public and private components, similar to a public-key cryptosystem. The Digital Signature Algorithm of the DSS is intended for authenticity but not for secrecy. In this paper, the authors will show how the use of the Digital Signature Algorithm combined with both symmetric and asymmetric (public-key) encryption techniques can provide a practical solution to key management scaleability problems, by reducing the key management complexity to a problem of order N, without sacrificing the encryption speed necessary to operate in high performance networks.« less
  • BISDN services will involve the integration of high speed data, voice, and video functionality delivered via technology similar to Asynchronous Transfer Mode (ATM) switching and SONET optical transmission systems. Customers of BISDN services may need a variety of data authenticity and privacy assurances, via Asynchronous Transfer Mode (ATM) services Cryptographic methods can be used to assure authenticity and privacy, but are hard to scale for implementation at high speed. The incorporation of these methods into computer networks can severely impact functionality, reliability, and performance. While there are many design issues associated with the serving of public keys for authenticated signalingmore » and for establishment of session cryptovariables, this paper is concerned with the impact of encryption itself on such communications once the signaling and setup have been completed. Network security protections should be carefully matched to the threats against which protection is desired. Even after eliminating unnecessary protections, the remaining customer-required network security protections can impose severe performance penalties. These penalties (further discussed below) usually involve increased communication processing for authentication or encryption, increased error rate, increased communication delay, and decreased reliability/availability. Protection measures involving encryption should be carefully engineered so as to impose the least performance, reliability, and functionality penalties, while achieving the required security protection. To study these trade-offs, a prototype encryptor/decryptor was developed. This effort demonstrated the viability of implementing certain encryption techniques in high speed networks. The research prototype processes ATM cells in a SONET OC-3 payload. This paper describes the functionality, reliability, security, and performance design trade-offs investigated with the prototype.« less
  • No abstract prepared.
  • Cyber-physical systems (CPS) are characterized by the close linkage of computational resources and physical devices. These systems can be deployed in a number of critical infrastructure settings. As a result, the security requirements of CPS are different than traditional computing architectures. For example, critical functions must be identified and isolated from interference by other functions. Similarly, lightweight schemes may be required, as CPS can include devices with limited computing power. One approach that offers promise for CPS security is the use of lightweight, hardware-based authentication. Specifically, we consider the use of Physically Unclonable Functions (PUFs) to bind an access requestmore » to specific hardware with device-specific keys. PUFs are implemented in hardware, such as SRAM, and can be used to uniquely identify the device. This technology could be used in CPS to ensure location-based access control and encryption, both of which would be desirable for CPS implementations.« less
  • A system has been developed which employs two identical integrated circuits to perform the encryption algorithm developed by Rivest, Shamir, and Adleman (RSA) on a 336-bit message. The integrated circuit used in the system employs the 3-micron polysilicon gate, radiation-hard, CMOS technology developed at Sandia National Laboratories.