A New Approach to Secure Logging
The need for secure logging is well-understood by the security
professionals, including both researchers and practitioners. The
ability to efficiently verify all (or some) log entries is
important to any application employing secure logging techniques.
In this paper, we begin by examining the state of the art in secure
logging and identify some problems inherent to systems based on
trusted third-party servers. We then propose a different approach
to secure logging based upon recently developed Forward-Secure
Sequential Aggregate (FssAgg) authentication techniques. Our
approach offers both space-efficiency and provable security. We
illustrate two concrete schemes -- one private-verifiable and one
public-verifiable -- that offer practical secure logging without
any reliance on on-line trusted third parties or secure hardware.
We also investigate the concept of immutability in the context of
forward secure sequential aggregate authentication to provide
finer grained verification. Finally, we report on some experience
with a prototype built upon a popular code version control system.
A lightweight framework for secure life-logging in smart environments
As the world becomes an interconnected network where objects and humans interact with each other, new challenges and threats appear in the ecosystem. In this interconnected world, smart objects have an important role in giving users the chance for life-logging in smart environments. However, smart devices have several limitations with regard to memory, resources and computation power, hindering the opportunity to apply well-established security algorithms and techniques for secure life-logging in the Internet of Things (IoT) domain. The need for secure and trustworthy life-logging in smart environments is vital; thus, a lightweight approach has to be considered to overcome the constraints of smart objects. The purpose of this paper is to present in detail the current topics of life-logging in smart environments, while describing interconnection issues, security threats and suggesting a lightweight framework for ensuring security, privacy and trustworthy life-logging. In order to investigate the efficiency of the lightweight framework and the impact of the security attacks on energy consumption, an experimental test-bed was developed including two interconnected users and one smart attacker, who attempts to intercept transmitted messages or interfere with the communication link. Several mitigation factors, such as power control, channel assignment and AES-128 encryption, were applied for secure life-logging. Finally, research into the degradation of the consumed energy regarding the described intrusions is presented.
NoSEBrEaK - Attacking Honeynets
It is usually assumed that Honeynets are hard to detect and that attempts to
detect or disable them can be unconditionally monitored. We scrutinize this
assumption and demonstrate a method by which a host in a honeynet can be completely
controlled by an attacker without any substantial logging taking place.
CYCLONE Unified Deployment and Management of Federated, Multi-Cloud Applications
Various Cloud layers have to work in concert in order to manage and deploy
complex multi-cloud applications, executing sophisticated workflows for Cloud
resource deployment, activation, adjustment, interaction, and monitoring. While
there are ample solutions for managing individual Cloud aspects (e.g. network
controllers, deployment tools, and application security software), there are no
well-integrated suites for managing an entire multi cloud environment with
multiple providers and deployment models. This paper presents the CYCLONE
architecture that integrates a number of existing solutions to create an open,
unified, holistic Cloud management platform for multi-cloud applications,
tailored to the needs of research organizations and SMEs. It discusses major
challenges in providing a network and security infrastructure for the
Intercloud and concludes with a demonstration of how the architecture is
implemented in a real-life bioinformatics use case.
Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning
The secret keys of critical network authorities - such as time, name,
certificate, and software update services - represent high-value targets for
hackers, criminals, and spy agencies wishing to use these keys secretly to
compromise other hosts. To protect authorities and their clients proactively
from undetected exploits and misuse, we introduce CoSi, a scalable witness
cosigning protocol ensuring that every authoritative statement is validated and
publicly logged by a diverse group of witnesses before any client will accept
it. A statement S collectively signed by W witnesses assures clients that S has
been seen, and not immediately found erroneous, by those W observers. Even if S
is compromised in a fashion not readily detectable by the witnesses, CoSi still
guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to
risk that the compromise will soon be detected by one of the W witnesses.
Because clients can verify collective signatures efficiently without
communication, CoSi protects clients' privacy, and offers the first
transparency mechanism effective against persistent man-in-the-middle attackers
who control a victim's Internet access, the authority's secret key, and several
witnesses' secret keys. CoSi builds on existing cryptographic multisignature
methods, scaling them to support thousands of witnesses via signature
aggregation over efficient communication trees. A working prototype
demonstrates CoSi in the context of timestamping and logging authorities,
enabling groups of over 8,000 distributed witnesses to cosign authoritative
statements in under two seconds.
Comment: 20 pages, 7 figures