Virtual Smart Cards: How to Sign with a Password and a Server

An important shortcoming of client-side cryptography on consumer devices is the poor protection of secret keys. Encrypting the keys under a human-memorizable password hardly offers any protection when the device is stolen. Trusted hardware tokens such as smart cards can provide strong protection of keys but are cumbersome to use. We consider the case where secret keys are used for digital signatures and propose a password-authenticated server-aided signature Pass2Sign protocol, where signatures are collaboratively generated by a device and a server, while the user authenticates to the server with a (low-entropy) password. Neither the server nor the device store enough information to create a signature by itself or to perform an offline attack on the password. The signed message remains hidden from the server. We argue that our protocol offers comparable security to trusted hardware, but without its inconveniences. We prove it secure in the universal composability (UC) framework in a very strong adaptive corruption model where, unlike standard UC, the adversary does not obtain past inputs and outputs upon corrupting a party. This is crucial to hide previously entered passwords and messages from the adversary when the device gets corrupted. The protocol itself is surprisingly simple: it is round-optimal, efficient, and relies exclusively on standard primitives such as hash functions and RSA. The security proof involves a novel random-oracle programming technique that may be of independent interest

A Survey on Security and Privacy of 5G Technologies: Potential Solutions, Recent Advancements, and Future Directions

Security has become the primary concern in many telecommunications industries today as risks can have high consequences. Especially, as the core and enable technologies will be associated with 5G network, the confidential information will move at all layers in future wireless systems. Several incidents revealed that the hazard encountered by an infected wireless network, not only affects the security and privacy concerns, but also impedes the complex dynamics of the communications ecosystem. Consequently, the complexity and strength of security attacks have increased in the recent past making the detection or prevention of sabotage a global challenge. From the security and privacy perspectives, this paper presents a comprehensive detail on the core and enabling technologies, which are used to build the 5G security model; network softwarization security, PHY (Physical) layer security and 5G privacy concerns, among others. Additionally, the paper includes discussion on security monitoring and management of 5G networks. This paper also evaluates the related security measures and standards of core 5G technologies by resorting to different standardization bodies and provide a brief overview of 5G standardization security forces. Furthermore, the key projects of international significance, in line with the security concerns of 5G and beyond are also presented. Finally, a future directions and open challenges section has included to encourage future research.European CommissionNational Research Tomsk Polytechnic UniversityUpdate citation details during checkdate report - A

Location Privacy-Preserving Strategies for Secondary Spectrum Use

The scarcity of wireless spectrum resources and the overwhelming demand for wireless broadband resources have prompted industry, government agencies and academia within the wireless communities to develop and come up with effective solutions that can make additional spectrum available for broadband data. As part of these ongoing efforts, cognitive radio networks (CRNs) have emerged as an essential technology for enabling and promoting dynamic spectrum access and sharing, a paradigm primarily aimed at addressing the spectrum scarcity and shortage challenges by permitting and enabling unlicensed or secondary users (SUs) to freely search, locate and exploit unused licensed spectrum opportunities. Despite their great potentials for improving spectrum utilization efficiency and for addressing the spectrum shortage problem, CRNs suffer from serious location privacy issues, which essentially tend to disclose the location information of the SUs to other system entities during their usage of these open spectrum opportunities. Knowing that their whereabouts may be exposed, SUs can be discouraged from joining and participating in the CRNs, potentially hindering the adoption and deployment of this technology. In this thesis, we propose frameworks that are suitable for CRNs, but also preserve the location privacy information of these SU s. More specifically, 1. We propose location privacy-preserving protocols that protect the location privacy of SUs in cooperative sensing-based CRNs while allowing the SUs to perform their spectrum sensing tasks reliably and effectively. Our proposed protocols allow also the detection of malicious user activities through the adoption of reputation mechanisms. 2. We propose location privacy-preserving approaches that provide information-theoretic privacy to SU s’ location in database-driven CRNs through the exploitation of the structured nature of spectrum databases and the fact that database-driven CRNs, by design, rely on multiple spectrum databases. 3. We propose a trustworthy framework for new generation of spectrum access systems in the 3.5 GHz band that not only protects SUs’ privacy, but also ensures that they comply with the unique system requirements, while allowing the detection of misbehaving users