A group of AIT Digital Safety & Security scientists were honered recently with several awards on behalf of the following international congresses:
At the International Conference on Quantum, Nano and Micro Technologies (ICQNM 2015) and at the Ninth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2015) the AIT experts were venerated for the outstanding papers. Additionally, some of the AIT experts were invited to publish an extended version of the paper for the next conventions.
ICQNM 2015: Best Paper Award for "BB84 Quantum Key Distribution with Intrinsic Authentication"
Awarded experts:
Stefan Rass, Sandra König, Stefan Schauer
Abstract:
We describe a method to authenticate the qubit stream being exchanged during the first phases of the BB84 quantum key distribution without pre-shared secrets. Unlike the conventional approach that continuously authenticates all protocol messages on the public channel, our proposal is to authenticate the qubit stream already to verify the peer’s identity. To this end, we employ a second public channel that is physically and logically disjoint from the one used for BB84. This is our substitute for the otherwise necessary assumption on the existence of pre-shared secrets. Shifting authentication to the first phase of BB84 spares bandwidth during public discussion and thus makes the overall protocol also somewhat more efficient.
SECURWARE 2015: Best Paper Award for "Implementation of a Generic ICT Risk Model using Graph Databases"
Awarded experts:
Stefan Schiebeck, Martin Latzenhofer, Brigitte Palensky, Stefan Schauer, Gerald Quirchmayr, Thomas Benesch, Johannes Göllner, Christian Meurers, Ingo Mayr
Abstract:
Advanced Persistent Threats (APTs) impose an increasing threat on today’s information and communication technology (ICT) infrastructure. These highly-sophisticated attacks overcome the typical perimeter protection mechanisms of an organization and generate a large amount of damage. Based on a practical use case of a real-life APT lifecycle, this paper shows how APTs can be tackled using a generic ICT risk analysis framework. Further, it provides details for the implementation of this risk analysis framework using graph databases. The major benefits of this graph database approach, i.e., the simple representation of the interconnected risk model as a graph and the availability of efficient traversals over complex sections of the graph, are illustrated giving several examples.