5,903 research outputs found
Distributed Key Management for Secure Role Based Messaging
Secure Role Based Messaging (SRBM) augments messaging systems with role oriented communication in a secure manner. Role occupants can sign and decrypt messages on behalf of roles. This paper identifies the requirements of SRBM and recognises the need for: distributed key shares, fast membership revocation, mandatory security controls and detection of identity spoofing. A shared RSA scheme is constructed. RSA keys are shared and distributed to role occupants and role gate keepers. Role occupants and role gate keepers must cooperate together to use the key shares to sign and decrypt the messages. Role occupant signatures can be verified by an audit service. A SRBM system architecture is developed to show the security related performance of the proposed scheme, which also demonstrates the implementation of fast membership revocation, mandatory security control and prevention of spoofing. It is shown that the proposed scheme has successfully coupled distributed security with mandatory security controls to realize secure role based messaging
A Practical Set-Membership Proof for Privacy-Preserving NFC Mobile Ticketing
To ensure the privacy of users in transport systems, researchers are working
on new protocols providing the best security guarantees while respecting
functional requirements of transport operators. In this paper, we design a
secure NFC m-ticketing protocol for public transport that preserves users'
anonymity and prevents transport operators from tracing their customers' trips.
To this end, we introduce a new practical set-membership proof that does not
require provers nor verifiers (but in a specific scenario for verifiers) to
perform pairing computations. It is therefore particularly suitable for our
(ticketing) setting where provers hold SIM/UICC cards that do not support such
costly computations. We also propose several optimizations of Boneh-Boyen type
signature schemes, which are of independent interest, increasing their
performance and efficiency during NFC transactions. Our m-ticketing protocol
offers greater flexibility compared to previous solutions as it enables the
post-payment and the off-line validation of m-tickets. By implementing a
prototype using a standard NFC SIM card, we show that it fulfils the stringent
functional requirement imposed by transport operators whilst using strong
security parameters. In particular, a validation can be completed in 184.25 ms
when the mobile is switched on, and in 266.52 ms when the mobile is switched
off or its battery is flat
A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components
The semiconductor industry is fully globalized and integrated circuits (ICs)
are commonly defined, designed and fabricated in different premises across the
world. This reduces production costs, but also exposes ICs to supply chain
attacks, where insiders introduce malicious circuitry into the final products.
Additionally, despite extensive post-fabrication testing, it is not uncommon
for ICs with subtle fabrication errors to make it into production systems.
While many systems may be able to tolerate a few byzantine components, this is
not the case for cryptographic hardware, storing and computing on confidential
data. For this reason, many error and backdoor detection techniques have been
proposed over the years. So far all attempts have been either quickly
circumvented, or come with unrealistically high manufacturing costs and
complexity.
This paper proposes Myst, a practical high-assurance architecture, that uses
commercial off-the-shelf (COTS) hardware, and provides strong security
guarantees, even in the presence of multiple malicious or faulty components.
The key idea is to combine protective-redundancy with modern threshold
cryptographic techniques to build a system tolerant to hardware trojans and
errors. To evaluate our design, we build a Hardware Security Module that
provides the highest level of assurance possible with COTS components.
Specifically, we employ more than a hundred COTS secure crypto-coprocessors,
verified to FIPS140-2 Level 4 tamper-resistance standards, and use them to
realize high-confidentiality random number generation, key derivation, public
key decryption and signing. Our experiments show a reasonable computational
overhead (less than 1% for both Decryption and Signing) and an exponential
increase in backdoor-tolerance as more ICs are added
An efficient and secure RSA--like cryptosystem exploiting R\'edei rational functions over conics
We define an isomorphism between the group of points of a conic and the set
of integers modulo a prime equipped with a non-standard product. This product
can be efficiently evaluated through the use of R\'edei rational functions. We
then exploit the isomorphism to construct a novel RSA-like scheme. We compare
our scheme with classic RSA and with RSA-like schemes based on the cubic or
conic equation. The decryption operation of the proposed scheme turns to be two
times faster than RSA, and involves the lowest number of modular inversions
with respect to other RSA-like schemes based on curves. Our solution offers the
same security as RSA in a one-to-one communication and more security in
broadcast applications.Comment: 18 pages, 1 figur
How to securely replicate services (preliminary version)
A method is presented for constructing replicated services that retain their availability and integrity despite several servers and clients being corrupted by an intruder, in addition to others failing benignly. More precisely, a service is replicated by 'n' servers in such a way that a correct client will accept a correct server's response if, for some prespecified parameter, k, at least k servers are correct and fewer than k servers are correct. The issue of maintaining causality among client requests is also addressed. A security breach resulting from an intruder's ability to effect a violation of causality in the sequence of requests processed by the service is illustrated. An approach to counter this problem is proposed that requires that fewer than k servers are corrupt and, to ensure liveness, that k is less than or = n - 2t, where t is the assumed maximum total number of both corruptions and benign failures suffered by servers in any system run. An important and novel feature of these schemes is that the client need not be able to identify or authenticate even a single server. Instead, the client is required only to possess at most two public keys for the service
- âŠ