3,520 research outputs found
Trusted Computing and Secure Virtualization in Cloud Computing
Large-scale deployment and use of cloud computing in industry
is accompanied and in the same time hampered by concerns regarding protection of
data handled by cloud computing providers. One of the consequences of moving
data processing and storage off company premises is that organizations have
less control over their infrastructure. As a result, cloud service (CS) clients
must trust that the CS provider is able to protect their data and
infrastructure from both external and internal attacks. Currently however, such
trust can only rely on organizational processes declared by the CS
provider and can not be remotely verified and validated by an external party.
Enabling the CS client to verify the integrity of the host where the
virtual machine instance will run, as well as to ensure that the virtual
machine image has not been tampered with, are some steps towards building
trust in the CS provider. Having the tools to perform such
verifications prior to the launch of the VM instance allows the CS
clients to decide in runtime whether certain data should be stored- or calculations
should be made on the VM instance offered by the CS provider.
This thesis combines three components -- trusted computing, virtualization technology
and cloud computing platforms -- to address issues of trust and
security in public cloud computing environments. Of the three components,
virtualization technology has had the longest evolution and is a cornerstone
for the realization of cloud computing. Trusted computing is a recent
industry initiative that aims to implement the root of trust in a hardware
component, the trusted platform module. The initiative has been formalized
in a set of specifications and is currently at version 1.2. Cloud computing
platforms pool virtualized computing, storage and network resources in
order to serve a large number of customers customers that use a multi-tenant
multiplexing model to offer on-demand self-service over broad network.
Open source cloud computing platforms are, similar to trusted computing, a
fairly recent technology in active development.
The issue of trust in public cloud environments is addressed
by examining the state of the art within cloud computing security and
subsequently addressing the issues of establishing trust in the launch of a
generic virtual machine in a public cloud environment. As a result, the thesis
proposes a trusted launch protocol that allows CS clients
to verify and ensure the integrity of the VM instance at launch time, as
well as the integrity of the host where the VM instance is launched. The protocol
relies on the use of Trusted Platform Module (TPM) for key generation and data protection.
The TPM also plays an essential part in the integrity attestation of the
VM instance host. Along with a theoretical, platform-agnostic protocol,
the thesis also describes a detailed implementation design of the protocol
using the OpenStack cloud computing platform.
In order the verify the implementability of the proposed protocol, a prototype
implementation has built using a distributed deployment of OpenStack.
While the protocol covers only the trusted launch procedure using generic
virtual machine images, it presents a step aimed to contribute towards
the creation of a secure and trusted public cloud computing environment
NAISS: A Reverse Proxy Approach to Mitigate MageCart's E-Skimmers in E-Commerce
The rise of payment details theft has led to increasing concerns regarding the security of e-commerce platforms. For the MageCart threat family, the attacks employ e-skimmers, which are pieces of software code that instruct clients to forward payment details to an attacker-controlled server. They can be injected into hosting providers' servers as HTML tags such as script, iframe, and img. By leveraging image steganography - the technique of hiding structured information inside images without visual perturbances - MageCart groups can deliver e-skimmers without raising suspicion. In this work, we systematically review applicable solutions in the literature and evaluate their drawbacks in the setting of a compromised hosting provider. While promising, existing solutions in the literature present shortcomings such as a lack of compatibility, adaptability, or functionality in the presence of an attacker. Based on this review, we compile a set of features for a better solution, which we use as a foundation for designing our proposed solution - NAISS: Network Authentication of Images to Stop e-Skimmers. Through our solution, digital signatures of individual images are checked inside a server-side middlebox residing in the hosting provider's network to prevent the transmission of unauthorized images to clients. Elliptic curve signatures are provided by the e-commerce platform developer prior to uploading a website to the hosting provider. Our proof-of-concept implementation shows that NAISS is capable of filtering 100% of present stegoimages, regardless of their novelty, while imposing a minimal performance detriment and no client-side modifications
Web3.0 Security: Privacy Enhancing and Anonym Auditing in Blockchain-based Structures
The advent of Web 3.0, underpinned by blockchain technologies, promises to
transform the internet's landscape by empowering individuals with decentralized
control over their data. However, this evolution brings unique security
challenges that need to be addressed. This paper explores these complexities,
focusing on enhancing privacy and anonymous auditing within blockchain
structures. We present the architecture of Web 3.0 based on the blockchain,
providing a clear perspective on its workflow and security mechanisms. A
security protocol for Web 3.0 systems, employing privacy-preserving techniques
and anonymous auditing during runtime, is proposed. Key components of our
solution include the integration of privacy-enhancing techniques and the
utilization of Tor for anonymous auditing. We discuss related work and propose
a framework that meets these new security requirements. Lastly, we offer an
evaluation and comparison of our model to existing methods. This research
contributes towards the foundational understanding of Web 3.0's secure
structure and offers a pathway towards secure and privacy-preserving digital
interactions in this novel internet landscape
Recommended from our members
Security challenges and solutions for e-business
The advantages of economic growth and increasing ease of operation afforded by e-business and e-commerce developments are unfortunately matched by growth in cyber attacks. This paper outlines the common attacks faced by e-business and describes the defenses that can be used against them. It also reviews the development of newer security defense methods. These are: (1) biometrics for authentication; parallel processing to increase power and speed of defenses; (2) data mining and machine learning to identify attacks; (3) peer-to-peer security using blockchains; 4) enterprise security modelling and security as a service; and (5) user education and engagement. The review finds overall that one of the most prevalent dangers is social engineering in the form of phishing attacks. Recommended counteractions include education and training, and the development of new machine learning and data sharing approaches so that attacks can be quickly discovered and mitigated
Blockchain-Based Services Implemented in a Microservices Architecture Using a Trusted Platform Module Applied to Electric Vehicle Charging Stations
Microservice architectures exploit container-based virtualized services, which rarely use
hardware-based cryptography. A trusted platform module (TPM) offers a hardware root for trust
in services that makes use of cryptographic operations. The virtualization of this hardware module
offers high usability for other types of service that require TPM functionalities. This paper proposes
the design of TPM virtualization in a container. To ensure integrity, different mechanisms, such as
attestation and sealing, have been developed for the binaries and libraries stored in the container
volumes. Through a REST API, the container offers the functionalities of a TPM, such as key
generation and signing. To prevent unauthorized access to the container, this article proposes an
authentication mechanism based on tokens issued by the Cognito Amazon Web Service. As a proof
of concept and applicability in industry, a use case for electric vehicle charging stations using a
microservice-based architecture is proposed. Using the EOS.IO blockchain to maintain a copy of
the data, the virtualized TPM microservice provides the cryptographic operations necessary for
blockchain transactions. Through a two-factor authentication mechanism, users can access the data.
This scenario shows the potential of using blockchain technologies in microservice-based architectures,
where microservices such as the virtualized TPM fill a security gap in these architectures.Infineon TechnologiesProgram “Digitalisierung der EnergiewendeBundesministeriums für
Wirtschaft und EnergieTrusted Blockchains fur das offene, intelligente
Energienetz der Zukunft (tbiEnergy)FKZ 03EI6029DEuropean Health and Digital Executive Agency (HaDEA) program under Grant
Agreement No 101092950 (EDGELESS project)FEDER/Junta de
Andalucia-Consejeria de Transformacion Economica, Industria, Conocimiento y Universidades under
Project B-TIC-588-UGR20
An Implementing A Continuous Authentication Protocol To Improve Robustness Security Threats On IoT Using ESP8266
The Internet of Things (IoT) is a network of physical things that are outfitted with sensors, software, and other technologies that are able to communicate and exchange data with other devices and systems over the Internet. Because of the diversity of their surroundings, IoT systems are sensitive to network attacks. The IoT could be the source of these dangers and attacks. There are a lot of devices that communicate with each other via the IoT, and one of the most critical components of this is to maintain IoT security. IoT devices are a prime target for attackers and pose a serious risk of impersonation during a call. Proposals to prevent session hijacking in device-to-device communication are made in this research study. User-to-device authentication relies on usernames and passwords, but continuous authentication doesn't. This protocol relies on device features and contextual information. Moreover, this protocol reduces the synchronization losses using shadow IDs and emergency key. In addition, the protocol’s robustness will be tested by providing security and performance analysis
Recommended from our members
Managing near field communication (NFC) payment applications through cloud computing
This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.The Near Field Communication (NFC) technology is a short-range radio communication channel which enables users to exchange data between devices. NFC provides a contactless technology for data transmission between smart phones, Personal Computers (PCs), Personal Digital Assistants (PDAs) and such devices. It enables the mobile phone to act as identification and a credit card for customers. However, the NFC chip can act as a reader as well as a card, and also be used to design symmetric protocols. Having several parties involved in NFC ecosystem and not having a common standard affects the security of this technology where all the parties are claiming to have access to client’s information (e.g. bank account details).
The dynamic relationships of the parties in an NFC transaction process make them partners in a way that sometimes they share their access permissions on the applications that are running in the service environment. These parties can only access their part of involvement as they are not fully aware of each other’s rights and access permissions. The lack of knowledge between involved parties makes the management and ownership of the NFC ecosystem very puzzling. To solve this issue, a security module that is called Secure Element (SE) is designed to be the base of the security for NFC. However, there are still some security issues with SE personalization, management, ownership and architecture that can be exploitable by attackers and delay the adaption of NFC payment technology. Reorganizing and describing what is required for the success of this technology have motivated us to extend the current NFC ecosystem models to accelerate the development of this business area. One of the technologies that can be used to ensure secure NFC transactions is cloud computing which offers wide range advantages compared to the use of SE as a single entity in an NFC enabled mobile phone. We believe cloud computing can solve many issues in regards to NFC application management. Therefore, in the first contribution of part of this thesis we propose a new payment model called “NFC Cloud Wallet". This model demonstrates a reliable structure of an NFC ecosystem which satisfies the requirements of an NFC payment during the development process in a systematic, manageable, and effective way
Study of Peer-to-Peer Network Based Cybercrime Investigation: Application on Botnet Technologies
The scalable, low overhead attributes of Peer-to-Peer (P2P) Internet
protocols and networks lend themselves well to being exploited by criminals to
execute a large range of cybercrimes. The types of crimes aided by P2P
technology include copyright infringement, sharing of illicit images of
children, fraud, hacking/cracking, denial of service attacks and virus/malware
propagation through the use of a variety of worms, botnets, malware, viruses
and P2P file sharing. This project is focused on study of active P2P nodes
along with the analysis of the undocumented communication methods employed in
many of these large unstructured networks. This is achieved through the design
and implementation of an efficient P2P monitoring and crawling toolset. The
requirement for investigating P2P based systems is not limited to the more
obvious cybercrimes listed above, as many legitimate P2P based applications may
also be pertinent to a digital forensic investigation, e.g, voice over IP,
instant messaging, etc. Investigating these networks has become increasingly
difficult due to the broad range of network topologies and the ever increasing
and evolving range of P2P based applications. In this work we introduce the
Universal P2P Network Investigation Framework (UP2PNIF), a framework which
enables significantly faster and less labour intensive investigation of newly
discovered P2P networks through the exploitation of the commonalities in P2P
network functionality. In combination with a reference database of known
network characteristics, it is envisioned that any known P2P network can be
instantly investigated using the framework, which can intelligently determine
the best investigation methodology and greatly expedite the evidence gathering
process. A proof of concept tool was developed for conducting investigations on
the BitTorrent network.Comment: This is a thesis submitted in fulfilment of a PhD in Digital
Forensics and Cybercrime Investigation in the School of Computer Science,
University College Dublin in October 201
- …