751 research outputs found
I2PA : An Efficient ABC for IoT
Internet of Things (IoT) is very attractive because of its promises. However,
it brings many challenges, mainly issues about privacy preserving and
lightweight cryptography. Many schemes have been designed so far but none of
them simultaneously takes into account these aspects. In this paper, we propose
an efficient ABC scheme for IoT devices. We use ECC without pairing, blind
signing and zero knowledge proof. Our scheme supports block signing, selective
disclosure and randomization. It provides data minimization and transactions'
unlinkability. Our construction is efficient since smaller key size can be used
and computing time can be reduced. As a result, it is a suitable solution for
IoT devices characterized by three major constraints namely low energy power,
small storage capacity and low computing power
PKI Safety Net (PKISN): Addressing the Too-Big-to-Be-Revoked Problem of the TLS Ecosystem
In a public-key infrastructure (PKI), clients must have an efficient and
secure way to determine whether a certificate was revoked (by an entity
considered as legitimate to do so), while preserving user privacy. A few
certification authorities (CAs) are currently responsible for the issuance of
the large majority of TLS certificates. These certificates are considered valid
only if the certificate of the issuing CA is also valid. The certificates of
these important CAs are effectively too big to be revoked, as revoking them
would result in massive collateral damage. To solve this problem, we redesign
the current revocation system with a novel approach that we call PKI Safety Net
(PKISN), which uses publicly accessible logs to store certificates (in the
spirit of Certificate Transparency) and revocations. The proposed system
extends existing mechanisms, which enables simple deployment. Moreover, we
present a complete implementation and evaluation of our scheme.Comment: IEEE EuroS&P 201
A PKC-Based Node Revocation Scheme in Wireless Sensor Networks
[[abstract]]Generally deployed in an unattended environment, a sensor network can be easily assaulted or compromised by adversaries. Network security becomes a major problem. A distributed node revocation scheme is effective in reducing the damages a compromised node may cause to a sensor network, but its operation tends to consume large-scale memory space of the hardware-constrained sensor nodes. To reduce such complexity, this paper presents a new distributed voting revocation scheme based on the one-way hash chain, the concept of threshold secret sharing, the certificate revocation list and the public-key cryptography.[[conferencetype]]國際[[conferencedate]]20071206~20071208[[iscallforpapers]]Y[[conferencelocation]]Jeju, Kore
MoPS: A Modular Protection Scheme for Long-Term Storage
Current trends in technology, such as cloud computing, allow outsourcing the
storage, backup, and archiving of data. This provides efficiency and
flexibility, but also poses new risks for data security. It in particular
became crucial to develop protection schemes that ensure security even in the
long-term, i.e. beyond the lifetime of keys, certificates, and cryptographic
primitives. However, all current solutions fail to provide optimal performance
for different application scenarios. Thus, in this work, we present MoPS, a
modular protection scheme to ensure authenticity and integrity for data stored
over long periods of time. MoPS does not come with any requirements regarding
the storage architecture and can therefore be used together with existing
archiving or storage systems. It supports a set of techniques which can be
plugged together, combined, and migrated in order to create customized
solutions that fulfill the requirements of different application scenarios in
the best possible way. As a proof of concept we implemented MoPS and provide
performance measurements. Furthermore, our implementation provides additional
features, such as guidance for non-expert users and export functionalities for
external verifiers.Comment: Original Publication (in the same form): ASIACCS 201
Formal Analysis of V2X Revocation Protocols
Research on vehicular networking (V2X) security has produced a range of
security mechanisms and protocols tailored for this domain, addressing both
security and privacy. Typically, the security analysis of these proposals has
largely been informal. However, formal analysis can be used to expose flaws and
ultimately provide a higher level of assurance in the protocols.
This paper focusses on the formal analysis of a particular element of
security mechanisms for V2X found in many proposals: the revocation of
malicious or misbehaving vehicles from the V2X system by invalidating their
credentials. This revocation needs to be performed in an unlinkable way for
vehicle privacy even in the context of vehicles regularly changing their
pseudonyms. The REWIRE scheme by Forster et al. and its subschemes BASIC and
RTOKEN aim to solve this challenge by means of cryptographic solutions and
trusted hardware.
Formal analysis using the TAMARIN prover identifies two flaws with some of
the functional correctness and authentication properties in these schemes. We
then propose Obscure Token (OTOKEN), an extension of REWIRE to enable
revocation in a privacy preserving manner. Our approach addresses the
functional and authentication properties by introducing an additional key-pair,
which offers a stronger and verifiable guarantee of successful revocation of
vehicles without resolving the long-term identity. Moreover OTOKEN is the first
V2X revocation protocol to be co-designed with a formal model.Comment: 16 pages, 4 figure
Efficient Key Management Schemes for Smart Grid
With the increasing digitization of different components of Smart Grid by incorporating smart(er) devices, there is an ongoing effort to deploy them for various applications. However, if these devices are compromised, they can reveal sensitive information from such systems. Therefore, securing them against cyber-attacks may represent the first step towards the protection of the critical infrastructure. Nevertheless, realization of the desirable security features such as confidentiality, integrity and authentication relies entirely on cryptographic keys that can be either symmetric or asymmetric. A major need, along with this, is to deal with managing these keys for a large number of devices in Smart Grid. While such key management can be easily addressed by transferring the existing protocols to Smart Grid domain, this is not an easy task, as one needs to deal with the limitations of the current communication infrastructures and resource-constrained devices in Smart Grid. In general, effective mechanisms for Smart Grid security must guarantee the security of the applications by managing (1) key revocation; and (2) key exchange. Moreover, such management should be provided without compromising the general performance of the Smart Grid applications and thus needs to incur minimal overhead to Smart Grid systems. This dissertation aims to fill this gap by proposing specialized key management techniques for resource and communication constrained Smart Grid environments. Specifically, motivated by the need of reducing the revocation management overhead, we first present a distributed public key revocation management scheme for Advanced Metering Infrastructure (AMI) by utilizing distributed hash trees (DHTs). The basic idea is to enable sharing of the burden among smart meters to reduce the overall overhead. Second, we propose another revocation management scheme by utilizing cryptographic accumulators, which reduces the space requirements for revocation information significantly. Finally, we turn our attention to symmetric key exchange problem and propose a 0-Round Trip Time (RTT) message exchange scheme to minimize the message exchanges. This scheme enables a lightweight yet secure symmetric key-exchange between field devices and the control center in Smart Gird by utilizing a dynamic hash chain mechanism. The evaluation of the proposed approaches show that they significantly out-perform existing conventional approaches
- …