29,118 research outputs found
eIDeCert: a user-centric solution for mobile identification
The necessity to certify one's identity for different purposes and the evolution of mobile technologies have led to the generation of electronic devices such as smart cards, and electronic identities designed to meet daily needs. Nevertheless, these mechanisms have a problem: they don't allow the user to set the scope of the information presented. That problem introduces interesting security and privacy challenges and requires the development of a new tool that supports user-centrity for the information being handled. This article presents eIDeCert, a tool for the management of electronic identities (eIDs) in a mobile environment with a user-centric approach. Taking advantage of existing eCert technology we will be able to solve a real problem. On the other hand, the application takes us to the boundary of what the technology can cope with: we will assess how close we are to the boundary, and we will present an idea of what the next step should be to enable us to reach the goal.
I2PA : An Efficient ABC for IoT
Internet of Things (IoT) is very attractive because of its promises. However,
it brings many challenges, mainly issues about privacy preserving and
lightweight cryptography. Many schemes have been designed so far but none of
them simultaneously takes into account these aspects. In this paper, we propose
an efficient ABC scheme for IoT devices. We use ECC without pairing, blind
signing and zero knowledge proof. Our scheme supports block signing, selective
disclosure and randomization. It provides data minimization and transactions'
unlinkability. Our construction is efficient since smaller key size can be used
and computing time can be reduced. As a result, it is a suitable solution for
IoT devices characterized by three major constraints namely low energy power,
small storage capacity and low computing power.
PKI Scalability Issues
This report surveys different PKI technologies such as PKIX and SPKI and the
issues of PKI that affect scalability. Much focus is spent on certificate
revocation methodologies and status verification systems such as CRLs,
Delta-CRLs, CRS, Certificate Revocation Trees, Windowed Certificate Revocation,
OCSP, SCVP and DVCS.
Comment: 23 pages, 2 figures
SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular Communication Systems
Several years of academic and industrial research efforts have converged to a
common understanding on fundamental security building blocks for the upcoming
Vehicular Communication (VC) systems. There is a growing consensus towards
deploying a special-purpose identity and credential management infrastructure,
i.e., a Vehicular Public-Key Infrastructure (VPKI), enabling pseudonymous
authentication, with standardization efforts towards that direction. In spite
of the progress made by standardization bodies (IEEE 1609.2 and ETSI) and
harmonization efforts (Car2Car Communication Consortium (C2C-CC)), significant
questions remain unanswered towards deploying a VPKI. Deep understanding of the
VPKI, a central building block of secure and privacy-preserving VC systems, is
still lacking. This paper contributes to the closing of this gap. We present
SECMACE, a VPKI system, which is compatible with the IEEE 1609.2 and ETSI
standards specifications. We provide a detailed description of our
state-of-the-art VPKI that improves upon existing proposals in terms of
security and privacy protection, and efficiency. SECMACE facilitates
multi-domain operations in the VC systems and enhances user privacy, notably
preventing linking pseudonyms based on timing information and offering
increased protection even against honest-but-curious VPKI entities. We propose
multiple policies for the vehicle-VPKI interactions, based on which and two
large-scale mobility trace datasets, we evaluate the full-blown implementation
of SECMACE. With very little attention on the VPKI performance thus far, our
results reveal that modest computing resources can support a large area of
vehicles with very low delays and the most promising policy in terms of privacy
protection can be supported with moderate overhead.
Comment: 14 pages, 9 figures, 10 tables, IEEE Transactions on Intelligent
Transportation Systems
Repeat prescribing of medications: a system-centred risk management model for primary care organisations
Rationale, aims and objectives:
Reducing preventable harm from repeat medication prescriptions is a patient safety priority worldwide. In the United Kingdom, repeat prescription items issued have doubled in the last 20 years from 5.8 to 13.3 items per patient per annum. This has significant resource implications and consequences for avoidable patient harms. Consequently, we aimed to test a risk management model to identify, measure, and reduce repeat prescribing system risks in primary care.
Methods:
All 48 general medical practices in National Health Service (NHS) Lambeth Clinical Commissioning Group (an inner city area of south London in England) were recruited. Multiple interventions were implemented, including educational workshops, a web-based risk monitoring system, and external reviews of repeat prescribing system risks by clinicians. Data were collected via documentation reviews and interviews and subject to basic thematic and descriptive statistical analyses.
Results:
Across the 48 participating general practices, 62 unique repeat prescribing risks were identified on 505 occasions (eg, practices frequently experiencing difficulty interpreting medication changes on hospital discharge summaries), equating to a mean of 8.1 risks per practice (range: 1-33; SD = 7.13). Seven hundred sixty-seven system improvement actions were recommended across 96 categories (eg, alerting hospitals to illegible writing and delays with discharge summaries) with a mean of 15.6 actions per practice (range: 0-34; SD = 8.0).
Conclusions:
The risk management model tested uncovered important safety concerns and facilitated the development and communication of related improvement recommendations. System-wide information on hazardous repeat prescribing and how this could be mitigated is very limited. The approach reported may have potential to close this gap and improve the reliability of general practice systems and patient safety, which should be of high interest to primary care organisations internationally.
Session Initiation Protocol Attacks and Challenges
In recent years, Session Initiation Protocol (SIP) has become widely used in
current internet protocols. It is a text-based protocol much like Hyper Text
Transport Protocol (HTTP) and Simple Mail Transport Protocol (SMTP). SIP is a
strong enough signaling protocol on the internet for establishing, maintaining,
and terminating sessions. In this paper the areas of security and attacks in SIP
are discussed. We consider attacks from diverse related perspectives. The
authentication schemes are compared, the representative existing solutions are
highlighted, and several remaining research challenges are identified. Finally,
the taxonomy of SIP threats will be presented.
Building Secure and Anonymous Communication Channel: Formal Model and its Prototype Implementation
Various techniques need to be combined to realize anonymously authenticated
communication. Cryptographic tools enable anonymous user authentication while
anonymous communication protocols hide users' IP addresses from service
providers. One simple approach for realizing anonymously authenticated
communication is their simple combination, but this gives rise to another
issue: how to build a secure channel. The current public key infrastructure
cannot be used since the user's public key identifies the user. To cope with
this issue, we propose a protocol that uses identity-based encryption for
packet encryption without sacrificing anonymity, and group signature for
anonymous user authentication. Communications in the protocol take place
through proxy entities that conceal users' IP addresses from service providers.
The underlying group signature is customized to meet our objective and improve
its efficiency. We also introduce a proof-of-concept implementation to
demonstrate the protocol's feasibility. We compare its performance to SSL
communication and demonstrate its practicality, and conclude that the protocol
realizes secure, anonymous, and authenticated communication between users and
service providers with practical performance.
Comment: This is a preprint version of our paper presented in SAC'14, March
24-28, 2014, Gyeongju, Korea. ACMSAC 201