Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Security Implications of Selective Encryption
Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT. (Datavetenskap)
Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT. (Datavetenskap)ORCID iD: 0000-0003-0778-4736
2010 (English)In: MetriSec'10: Proceedings of the 6th International Workshop on Security Measurements and Metrics, New York: ACM , 2010Conference paper, Published paper (Refereed)
Abstract [en]

To be able to perform an analytical and more exact description of security, quantitative security measures are desirable. Two proposed quantitative security measures are entropy and guesswork. When breaking an encrypted message, entropy measures the average number of guesses in an optimal binary search attack, whereas guesswork measures the average number of guesses in an optimal linear search attack. In this paper, we continue to investigate the security implications of a generic selective encryption procedure. That is, how entropy and guesswork changes with the number of encrypted units, i.e., the encryption level. This is done for languages up to thesecond order by deriving equations for entropy of selectively encrypted messages and then transferring the result to guesswork through an equation relating the two measures. Furthermore, unlike entropy, guesswork does not possess the chain rule, however, through the equation relating entropy and guesswork an equation connecting the different guessworks is derived.

Place, publisher, year, edition, pages
New York: ACM , 2010.
Keywords [en]
Computer Security, Security Measures, Selective Encryption, Entropy, Guesswork
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-10005DOI: 10.1145/1853919.1853931ISBN: 978-1-4503-0340-8 (print)OAI: oai:DiVA.org:kau-10005DiVA, id: diva2:493521
Conference
MetriSec'10 The 6th International Workshop on Security Measurements and Metrics(Conference ESEM '10 ACM-IEEE International Symposium on Empirical Software Engineering and Measurement) Bolzano, Italy — September 16 - 17, 2010
Available from: 2012-02-08 Created: 2012-02-08 Last updated: 2018-01-12Bibliographically approved
In thesis
1. Guesswork and Entropy as Security Measures for Selective Encryption
Open this publication in new window or tab >>Guesswork and Entropy as Security Measures for Selective Encryption
2012 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

More and more effort is being spent on security improvements in today's computer environments, with the aim to achieve an appropriate level of security. However, for small computing devices it might be necessary to reduce the computational cost imposed by security in order to gain reasonable performance and/or energy consumption. To accomplish this selective encryption can be used, which provides confidentiality by only encrypting chosen parts of the information. Previous work on selective encryption has chiefly focused on how to reduce the computational cost while still making the information perceptually secure, but not on how computationally secure the selectively encrypted information is. 

Despite the efforts made and due to the harsh nature of computer security, good quantitative assessment methods for computer security are still lacking. Inventing new ways of measuring security are therefore needed in order to better understand, assess, and improve the security of computer environments. Two proposed probabilistic quantitative security measures are entropy and guesswork. Entropy gives the average number of guesses in an optimal binary search attack, and guesswork gives the average number of guesses in an optimal linear search attack. In information theory, a considerable amount of research has been carried out on entropy and on entropy-based metrics. However, the same does not hold for guesswork.

In this thesis, we evaluate the performance improvement when using the proposed generic selective encryption scheme. We also examine the confidentiality strength of selectively encrypted information by using and adopting entropy and guesswork. Moreover, since guesswork has been less theoretical investigated compared to entropy, we extend guesswork in several ways and investigate some of its behaviors.

Place, publisher, year, edition, pages
Karlstad: Karlstad University Press, 2012. p. 30
Series
Karlstad University Studies, ISSN 1403-8099 ; 2012:36
Keywords
Computer security, security metrics, selective encryption, confidentiality, entropy, guesswork.
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-14032 (URN)978-91-7063-443-7 (ISBN)
Public defence
2012-09-27, 9C 203, Karlstads universitet, 65187 Karlstad, 13:15 (English)
Opponent
Supervisors
Available from: 2012-09-04 Created: 2012-06-28 Last updated: 2018-06-25Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text

Search in DiVA

By author/editor
Lundin, ReineLindskog, Stefan
By organisation
Department of Computer ScienceCentre for HumanIT
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 388 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf