622 research outputs found

    A Storage-Efficient Cryptography-Based Access Control Solution for Subversion

    Version control systems are widely used in software development and document management. Unfortunately, versioning confidential files is not normally supported: Existing solutions encrypt the transport channel, but store data in plaintext within a repository. We come up with an access control solution that allows secure versioning of confidential files even in the presence of a malicious server administrator. Using convergent encryption as a building block, we enable space-efficient storage of version histories despite secure encryption. We describe an implementation of our concept for the Subversion (SVN) system, and evaluate storage efficiency and runtime of this implementation. Our implementation is compatible with existing SVN versions without requiring changes to the storage backend.

    A Flexible Network Approach to Privacy of Blockchain Transactions

    For preserving privacy, blockchains can be equipped with dedicated mechanisms to anonymize participants. However, these mechanisms often take only the abstraction layer of blockchains into account whereas observations of the underlying network traffic can reveal the originator of a transaction request. Previous solutions either provide topological privacy that can be broken by attackers controlling a large number of nodes, or offer strong and cryptographic privacy but are inefficient up to practical unusability. Further, there is no flexible way to trade privacy against efficiency to adjust to practical needs. We propose a novel approach that combines existing mechanisms to have quantifiable and adjustable cryptographic privacy which is further improved by augmented statistical measures that prevent frequent attacks with lower resources. This approach achieves flexibility for privacy and efficiency requirements of different blockchain use cases. Comment: 6 pages, 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS)

    Git as an Encrypted Distributed Version Control System

    This thesis develops and presents a secure Git implementation, Git Virtual Vault (GV2), for users of Git to work on sensitive projects with repositories located in unsecure distributed environments, such as in cloud computing. This scenario is common within the Department of Defense, as much work is of a sensitive nature. In order to provide security to Git, additional functionality is added for confidentiality and integrity protection. This thesis examines existing Git encryption implementations and baselines their performance compared to unencrypted Git. Real-world Git repositories are examined to characterize typical Git usage and determine if the existing Git encryption implementations are capable of efficient performance with regards to typical Git usage. This research shows that the existing Git encryption implementations do not provide efficient performance. This research develops an improved secure Git implementation, GV2, with transparent authenticated encryption. The fundamental contribution of this research is developing GV2 to perform Git garbage collection on plaintext data before encrypting the data. The result is a secure Git implementation that is transparent to the user with only a minor performance penalty, compared to unencrypted Git.

    Patterns and Interactions in Network Security

    Networks play a central role in cyber-security: networks deliver security attacks, suffer from them, defend against them, and sometimes even cause them. This article is a concise tutorial on the large subject of networks and security, written for all those interested in networking, whether their specialty is security or not. To achieve this goal, we derive our focus and organization from two perspectives. The first perspective is that, although mechanisms for network security are extremely diverse, they are all instances of a few patterns. Consequently, after a pragmatic classification of security attacks, the main sections of the tutorial cover the four patterns for providing network security, of which the familiar three are cryptographic protocols, packet filtering, and dynamic resource allocation. Although cryptographic protocols hide the data contents of packets, they cannot hide packet headers. When users need to hide packet headers from adversaries, which may include the network from which they are receiving service, they must resort to the pattern of compound sessions and overlays. The second perspective comes from the observation that security mechanisms interact in important ways, with each other and with other aspects of networking, so each pattern includes a discussion of its interactions. Comment: 63 pages, 28 figures, 56 references

    Security of Linear Secret-Sharing Schemes against Mass Surveillance

    Following the line of work presented recently by Bellare, Paterson and Rogaway, we formalize and investigate the resistance of linear secret-sharing schemes to mass surveillance. This primitive is widely used to design IT systems in the modern computer world, and often it is implemented by a proprietary code that the provider (“big brother”) could manipulate to covertly violate the privacy of the users (by implementing Algorithm-Substitution Attacks or ASAs). First, we formalize the security notion that expresses the goal of big brother and prove that for any linear secret-sharing scheme there exists an undetectable subversion of it that efficiently allows surveillance. Second, we formalize the security notion that assures that a sharing scheme is secure against ASAs and construct the first sharing scheme that meets this notion. This work could serve as an important building block towards constructing systems secure against mass surveillance.