374 research outputs found

    Privacy Preserving Cryptographic Protocols for Secure Heterogeneous Networks

    The dissertation thesis deals with privacy-preserving cryptographic protocols for secure communication and information systems forming heterogeneous networks. The thesis focuses on the possibilities of using non-conventional cryptographic primitives that provide enhanced security features, such as the protection of user privacy in communication systems. In the dissertation, the performance of cryptographic and mathematical primitives on various devices that participate in the security of heterogeneous networks is evaluated. The main objectives of the thesis focus on the design of advanced privacy-preserving cryptographic protocols. There are three designed protocols which use pairing-based group signatures to ensure user privacy. These proposals ensure the protection of user privacy together with the authentication, integrity and non-repudiation of transmitted messages during communication. The protocols employ optimization techniques such as batch verification to increase their performance and become more practical in heterogeneous networks.

    C-FLAT: Control-FLow ATtestation for Embedded Systems Software

    Remote attestation is a crucial security service particularly relevant to increasingly popular IoT (and other embedded) devices. It allows a trusted party (verifier) to learn the state of a remote, and potentially malware-infected, device (prover). Most existing approaches are static in nature and only check whether benign software is initially loaded on the prover. However, they are vulnerable to run-time attacks that hijack the application's control or data flow, e.g., via return-oriented programming or data-oriented exploits. As a concrete step towards more comprehensive run-time remote attestation, we present the design and implementation of Control-FLow ATtestation (C-FLAT) that enables remote attestation of an application's control-flow path, without requiring the source code. We describe a full prototype implementation of C-FLAT on Raspberry Pi using its ARM TrustZone hardware security extensions. We evaluate C-FLAT's performance using a real-world embedded (cyber-physical) application, and demonstrate its efficacy against control-flow hijacking attacks. Comment: Extended version of article to appear in CCS '16 Proceedings of the 23rd ACM Conference on Computer and Communications Security

    Analysis Of Data Stratification In A Multi-Sensor Fingerprint Dataset Using Match Score Statistics

    Biometric data is an essential feature employed in testing the performance of any real-time biometric recognition system prior to its usage. The variations introduced in the match performance critically determine the authenticity of the biometric data to be able to be used in an everyday scenario for the testing of biometric verification systems. This study in totality aims at understanding the impact of data stratification of such a biometric test dataset on the match performance of each of its strata. In order to achieve this goal, the fingerprint dataset of West Virginia University's 2012 BioCOP has been employed, which is a part of the many multimodal biometric data collection projects that the University has accomplished. This test dataset has been initially segmented based on the scanners employed in the process of data acquisition to check for the variations in match performance with reference to the acquisition device. The secondary stage of data stratification included the creation of strata based on the demographic features of the subjects in the dataset.

    The main objectives this study aims to achieve are:

    • Developing a framework to assess the match score distributions of each stratum.
    • Assessing the match performance of demographic strata in comparison to the total dataset.
    • Statistical match performance evaluation using match score statistics.

    Following the generation of genuine and imposter match score distributions, Receiver Operating Characteristic (ROC) curves were plotted to compare the match performance of each demographic stratum with respect to the total dataset. The divergence measures KLD and JSD have been calculated, which signify the amount of variation between the match score distributions of each stratum. With the help of these procedures, the task of estimating the effect of data stratification on the match performance has been accomplished, which serves as a measure of understanding the impact of this fingerprint dataset when used for biometric testing purposes.

    Implementing EFECT

    Thesis (M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2001. Includes bibliographical references (p. 49-50). This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. This thesis describes the design, implementation, and benchmarking of a software prototype of EFECT [EFECT], a new certificate scheme that handles revocation more gracefully than do current schemes. This prototype includes a client browser, a certificate verification tree library, and a directory server. The thesis includes analysis, both mathematical and empirical, to determine the optimal values of EFECT's parameters in terms of both speed and space. Finally, the thesis includes a benchmark comparison of the optimized EFECT and a comparable X.509 [X509] system. This comparison serves as proof that EFECT does indeed outperform the X.509 scheme in some common scenarios. by Ivan Nestlerode. M.Eng

    CardS4: modal theorem proving on Java smart cards, Journal of Telecommunications and Information Technology, 2002, nr 4

    We describe a successful implementation of a theorem prover for modal logic S4 that runs on a Java smart card with only 512 KBytes of RAM and 32 KBytes of EEPROM. Since proof search in S4 can lead to infinite branches, this is “proof of principle” that non-trivial modal deduction is feasible even on current Java cards. We hope to use this prover as the basis of an on-board security manager for restricting the flow of “secrets” between multiple applets residing on the same card, although much work needs to be done to design the appropriate modal logics of “permission” and “obligations”. Such security concerns are the major impediments to the commercial deployment of multi-application smart cards

    The software JMulTi

    The thesis develops and examines tools for the analysis of dynamic multi-equation models (VAR models). First, a general concept for the integration of statistical procedures into menu-driven software is developed. The resulting Java library consists of configurable graphical user interface components and functions which allow communication with the statistical software package GAUSS. This library is the basis for the software JMulTi, a menu-driven program for analyzing univariate and multivariate time series. The use of JMulTi for analyzing VAR models is documented next. Unrestricted and restricted VAR models for the monetary sector of Germany are estimated, and different bootstrap confidence intervals for impulse responses are computed and compared. These intervals are the subject of a concluding and detailed analysis. It is examined whether the bootstrap methods used in JMulTi (and further suggestions, e.g. subsampling) are able to overcome the possible inconsistency of the standard asymptotic method when computing confidence intervals for impulse responses. A Monte Carlo study illustrates the performance of the examined methods.

    A generational and incremental garbage collector handling cycles and large objects using delimited frames

    In recent years, research has been conducted on several techniques related to garbage collection. Several central discoveries for copying garbage collection have been made. However, improvements are still possible. In this thesis, we introduce new techniques and new algorithms to improve garbage collection. In particular, we introduce a technique using delimited frames to mark and track root pointers. This technique allows efficient computation of the root set. It reuses concepts from two existing techniques, card marking and remembered sets, and uses a bidirectional object layout to improve these concepts by stabilizing the memory overhead and reducing the workload when scanning pointers. We also present an algorithm for recursively marking reachable objects without using a stack (eliminating the usual memory waste). We adapt this algorithm to implement a depth-first copying garbage collector and improve heap locality. We improve the older-first garbage collection algorithm and its generational version by adding a marking phase that guarantees the collection of all garbage, including cyclic structures spread over several windows. Finally, we introduce a technique for handling large objects. To test our ideas, we designed and implemented, in the free Java virtual machine SableVM, a portable and extensible development framework for garbage collection. In this framework, we implemented semi-space, older-first and generational collection algorithms. Our experiments show that the delimited frame technique provides competitive performance for several benchmarks. They also show that, for most benchmarks, our depth-first traversal algorithm improves locality and thus increases performance. Our overall performance measurements show that, using our techniques, a garbage collector can deliver competitive performance and outperform existing garbage collectors for several benchmarks. AUTHOR'S KEYWORDS: Garbage collector, virtual machine, Java, SableVM

    Privacy-preserving security solution for cloud services

    We propose a novel privacy-preserving security solution for cloud services. Our solution is based on an efficient non-bilinear group signature scheme providing the anonymous access to cloud services and shared storage servers. The novel solution offers anonymous authentication for registered users. Thus, users' personal attributes (age, valid registration, successful payment) can be proven without revealing users' identity, and users can use cloud services without any threat of profiling their behavior. However, if a user breaks provider's rules, his access right is revoked. Our solution provides anonymous access, unlinkability and the confidentiality of transmitted data. We implement our solution as a proof of concept application and present the experimental results. Further, we analyze current privacy preserving solutions for cloud services and group signature schemes as basic parts of privacy enhancing solutions in cloud services. We compare the performance of our solution with the related solutions and schemes

    Flow logic for language-based safety and security
