MobileTrust: Secure Knowledge Integration in VANETs
Vehicular Ad hoc NETworks (VANET) are becoming popular due to the emergence of the Internet of Things and ambient intelligence applications. In such networks, secure resource sharing functionality is accomplished by incorporating trust schemes. Current solutions adopt peer-to-peer technologies that can cover the large operational area. However, these systems fail to capture some inherent properties of VANETs, such as fast and ephemeral interaction, making robust trust evaluation of crowdsourcing challenging. In this article, we propose MobileTrust—a hybrid trust-based system for secure resource sharing in VANETs. The proposal is a breakthrough in centralized trust computing that utilizes cloud and upcoming 5G technologies to provide robust trust establishment with global scalability. The ad hoc communication is energy-efficient and protects the system against threats that are not countered by the current settings. To evaluate its performance and effectiveness, MobileTrust is modelled in the SUMO simulator and tested on the traffic features of the small-size German city of Eichstatt. Similar schemes are implemented in the same platform to provide a fair comparison. Moreover, MobileTrust is deployed on a typical embedded system platform and applied on a real smart car installation for monitoring traffic and road-state parameters of an urban application. The proposed system is developed under the EU-funded THREAT-ARREST project, to provide security, privacy, and trust in an intelligent and energy-aware transportation scenario, bringing closer the vision of sustainable circular economy.
Verification of the Socio-Technical Aspects of Voting: The Case of the Polish Postal Vote 2020
Voting procedures are designed and implemented by people, for people, and
with significant human involvement. Thus, one should take into account the
human factors in order to comprehensively analyze properties of an election and
detect threats. In particular, it is essential to assess how actions and
strategies of the involved agents (voters, municipal office employees, mail
clerks) can influence the outcome of other agents' actions as well as the
overall outcome of the election. In this paper, we present our first attempt to
capture those aspects in a formal multi-agent model of the Polish presidential
election 2020. The election marked the first time when postal vote was
universally available in Poland. Unfortunately, the voting scheme was prepared
under time pressure and political pressure, and without the involvement of
experts. This might have opened up possibilities for various kinds of ballot
fraud, in-house coercion, etc. We propose a preliminary scalable model of the
procedure in the form of a Multi-Agent Graph, and formalize selected integrity
and security properties by formulas of agent logics. Then, we transform the
models and formulas so that they can be input to the state-of-art model checker
Uppaal. The first series of experiments demonstrates that verification scales
rather badly due to the state-space explosion. However, we show that a recently
developed technique of user-friendly model reduction by variable abstraction
allows us to verify more complex scenarios.
Making Code Voting Secure against Insider Threats using Unconditionally Secure MIX Schemes and Human PSMT Protocols
Code voting was introduced by Chaum as a solution for using a possibly
infected-by-malware device to cast a vote in an electronic voting application.
Chaum's work on code voting assumed voting codes are physically delivered to
voters using the mail system, implicitly requiring to trust the mail system.
This is not necessarily a valid assumption to make - especially if the mail
system cannot be trusted. When conspiring with the recipient of the cast
ballots, privacy is broken.
It is clear to the public that when it comes to privacy, computers and
"secure" communication over the Internet cannot fully be trusted. This
emphasizes the importance of using: (1) Unconditional security for secure
network communication. (2) Reduce reliance on untrusted computers.
In this paper we explore how to remove the mail system trust assumption in
code voting. We use PSMT protocols (SCN 2012) where with the help of visual
aids, humans can carry out addition correctly with a 99% degree of
accuracy. We introduce an unconditionally secure MIX based on the combinatorics
of set systems.
Given that end users of our proposed voting scheme construction are humans we
cannot use classical Secure Multi Party Computation protocols.
Our solutions are for both single and multi-seat elections achieving:
i) An anonymous and perfectly secure communication network secure against
a -bounded passive adversary used to deliver voting,
ii) The end step of the protocol can be handled by a human to evade the
threat of malware.
We do not focus on active adversaries.
A robust, reliable and deployable framework for In-vehicle security
Cyber attacks on financial and government institutions, critical infrastructure, voting systems, businesses, modern vehicles, etc., are on the rise. Fully connected autonomous vehicles are more vulnerable than ever to hacking and data theft. This is due to the fact that the protocols used for in-vehicle communication, i.e. controller area network (CAN), FlexRay, local interconnect network (LIN), etc., lack basic security features such as message authentication, which makes them vulnerable to a wide range of attacks including spoofing attacks. This research presents methods to protect the vehicle against spoofing attacks. The proposed methods exploit uniqueness in the electronic control unit (ECU) and the physical channel between transmitting and destination nodes for linking the received packet to the source. Impurities in the digital device, physical channel, imperfections in design, material, and length of the channel contribute to the uniqueness of artifacts. I propose novel techniques for electronic control unit (ECU) identification in this research to address security vulnerabilities of the in-vehicle communication. The reliable ECU identification has the potential to prevent spoofing attacks launched over the CAN due to the inconsideration of the message authentication. In this regard, my techniques model the ECU-specific random distortion caused by the imperfections in the digital-to-analog converter (DAC), and semiconductor impurities in the transmitting ECU for fingerprinting. I also model the channel-specific random distortion; impurities in the physical channel, imperfections in design, material, and length of the channel are contributing factors behind physically unclonable artifacts. The lumped element model is used to characterize channel-specific distortions.
This research exploits the distortion of the device (ECU) and distortion due to the channel to identify the transmitter and hence authenticate the transmitter.
Ph.D., College of Engineering & Computer Science, University of Michigan-Dearborn
https://deepblue.lib.umich.edu/bitstream/2027.42/154568/1/Azeem Hafeez Final Disseration.pdf
A Secure Integrated Framework for Fog-Assisted Internet of Things Systems
Fog-Assisted Internet of Things (Fog-IoT) systems are deployed in remote and unprotected environments, making them vulnerable to security, privacy, and trust challenges. Existing studies propose security schemes and trust models for these systems. However, mitigation of insider attacks, namely blackhole, sinkhole, sybil, collusion, self-promotion, and privilege escalation, has always been a challenge and mostly carried out by the legitimate nodes. Compared to other studies, this paper proposes a framework featuring attribute-based access control and trust-based behavioural monitoring to address the challenges mentioned above. The proposed framework consists of two components, the security component (SC) and the trust management component (TMC). SC ensures data confidentiality, integrity, authentication, and authorization. TMC evaluates Fog-IoT entities’ performance using a trust model based on a set of QoS and network communication features. Subsequently, trust is embedded as an attribute within SC’s access control policies, ensuring that only trusted entities are granted access to fog resources. Several attacking scenarios, namely DoS, DDoS, probing, and data theft are designed to elaborate on how the change in trust triggers the change in access rights and, therefore, validates the proposed integrated framework’s design principles. The framework is evaluated on a Raspberry Pi 3 Model B to benchmark its performance in terms of time and memory complexity. Our results show that both SC and TMC are lightweight and suitable for resource-constrained devices.
Multi-Factor Key Derivation Function (MFKDF) for Fast, Flexible, Secure, & Practical Key Management
We present the first general construction of a Multi-Factor Key Derivation
Function (MFKDF). Our function expands upon password-based key derivation
functions (PBKDFs) with support for using other popular authentication factors
like TOTP, HOTP, and hardware tokens in the key derivation process. In doing
so, it provides an exponential security improvement over PBKDFs with less than
12 ms of additional computational overhead in a typical web browser. We further
present a threshold MFKDF construction, allowing for client-side key recovery
and reconstitution if a factor is lost. Finally, by "stacking" derived keys, we
provide a means of cryptographically enforcing arbitrarily specific key
derivation policies. The result is a paradigm shift toward direct cryptographic
protection of user data using all available authentication factors, with no
noticeable change to the user experience. We demonstrate the ability of our
solution to not only significantly improve the security of existing systems
implementing PBKDFs, but also to enable new applications where PBKDFs would not
be considered a feasible approach.
Comment: To appear in USENIX Security '2