Edge-Assisted Vehicular Networks Security.

Política de acceso abierto tomada de: https://v2.sherpa.ac.uk/id/publication/29486?template=romeoEdge Computing paradigms are expected to solve some major problems affecting current application scenarios that rely on Cloud computing resources to operate. These novel paradigms will bring computational resources closer to the users and by doing so they will not only reduce network latency and bandwidth utilization but will also introduce some attractive context-awareness features to these systems. In this paper we show how the enticing features introduced by Edge Computing paradigms can be exploited to improve security and privacy in the critical scenario of vehicular networks (VN), especially existing authentication and revocation issues. In particular, we analyze the security challenges in VN and describe three deployment models for vehicular edge computing, which refrain from using vehicular-to-vehicular communications. The result is that the burden imposed to vehicles is considerably reduced without sacrificing the security or functional features expected in vehicular scenarios

A Practical Set-Membership Proof for Privacy-Preserving NFC Mobile Ticketing

To ensure the privacy of users in transport systems, researchers are working on new protocols providing the best security guarantees while respecting functional requirements of transport operators. In this paper, we design a secure NFC m-ticketing protocol for public transport that preserves users' anonymity and prevents transport operators from tracing their customers' trips. To this end, we introduce a new practical set-membership proof that does not require provers nor verifiers (but in a specific scenario for verifiers) to perform pairing computations. It is therefore particularly suitable for our (ticketing) setting where provers hold SIM/UICC cards that do not support such costly computations. We also propose several optimizations of Boneh-Boyen type signature schemes, which are of independent interest, increasing their performance and efficiency during NFC transactions. Our m-ticketing protocol offers greater flexibility compared to previous solutions as it enables the post-payment and the off-line validation of m-tickets. By implementing a prototype using a standard NFC SIM card, we show that it fulfils the stringent functional requirement imposed by transport operators whilst using strong security parameters. In particular, a validation can be completed in 184.25 ms when the mobile is switched on, and in 266.52 ms when the mobile is switched off or its battery is flat

Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments

Decentralized systems are a subset of distributed systems where multiple authorities control different components and no authority is fully trusted by all. This implies that any component in a decentralized system is potentially adversarial. We revise fifteen years of research on decentralization and privacy, and provide an overview of key systems, as well as key insights for designers of future systems. We show that decentralized designs can enhance privacy, integrity, and availability but also require careful trade-offs in terms of system complexity, properties provided, and degree of decentralization. These trade-offs need to be understood and navigated by designers. We argue that a combination of insights from cryptography, distributed systems, and mechanism design, aligned with the development of adequate incentives, are necessary to build scalable and successful privacy-preserving decentralized systems

Self-sovereign identity decentralized identifiers, claims and credentials using non decentralized ledger technology

Dissertação de mestrado integrado em Engenharia InformáticaCurrent identity management systems rely on centralized databases to store user’s personal data, which poses a great risks for data security, as these infrastructure create a critical point of failure for the whole system. Beside that service providers have to bear huge maintenance costs and comply with strict data protection regulations. Self-sovereign identity (SSI) is a new identity management paradigm that tries to answer some of these problems by providing a decentralized user-centric identity management system that gives users full control of their personal data. Some of its underlying concepts include Decentralized Identifiers (DIDs), Verifiable Claims and Credentials. This approach does not rely on any central authority to enforce trust as it often uses Blockchain or other Decentralized Ledger Technologies (DLT) as the trust anchor of the system, although other decentralized network or databases could also be used for the same purpose. This thesis focuses on finding alternative solutions to DLT, in the context of SSI. Despite being the most used solution some DLTs are known to lack scalability and performance, and since a global identity management system heavily relies on these two requirements it might not be the best solution to the problem. This document provides an overview of the state of the art and main standards of SSI, and then focuses on a non-DLT approach to SSI, referencing non-DLT implementations and alternative decentralized infrastructures that can be used to replace DLTs in SSI. It highlights some of the limitations associated with using DLTs for identity management and presents a SSI framework based on decentralized names systems and networks. This framework couples all the main functionalities needed to create different SSI agents, which were showcased in a proof of concept application.Actualmente os sistemas de gestão de identidade digital estão dependentes de bases de dados centralizadas para o armazenamento de dados pessoais dos seus utilizadores. Isto representa um elevado risco de segurança, uma vez que estas infra-estruturas representam um ponto crítico de falha para todo o sistema. Para além disso os service providers têm que suportam elevados custos de manutenção para armazenar toda esta informaçao e ainda são obrigados a cumprir as normas de protecção de dados existentes. Self-sovereign identity (SSI) é um novo paradigma de identidade digital que tenta dar resposta a alguns destes problemas, criando um sistema focado no utilizador e totalmente descentralizado que oferece aos utilizadores total controlo sobre os seus dados pessoais. Alguns dos conceitos subjacentes incluem Decentalized Identifiers (DIDs), Verifiable Credentials e Presentations. Esta abordagem não depende de qualquer autoridade central para estabelecer confiança, dado que utiliza Blockchains ou outras Decentralized Ledger Technilogies (DLT) como âncora de confiança do sistema. No entanto outras redes ou bases de dados descentralizadas podem também ser utilizadas para alcançar o mesmo objectivo. Esta tese concentra-se em encontrar soluções alternativas para a DLT no âmbito da SSI. Apesar de esta ser a solução mais utilizada, sabe-se que algumas DLTs carecem de escalabilidade e desempenho. Sendo que um sistema de identidade digital com abrangência global dependerá bastante destes dois requisitos, esta pode não ser a melhor solução. Este documento fornece uma visão geral do estado da arte e principais standards da SSI, focando-se de seguida numa abordagem não DLT, que inclui uma breve referência a implementações não-DLT e tecnologias alternativas que poderão ser utilizadas para substituir as DLTs na SSI. Alem disso aborda algumas das principais limitações associadas ao uso de DLTs na gestão de identidades digitais e apresenta uma framework baseada em name systems e redes descentralizadas. Esta framework inclui as principais funcionalidades necessárias para implementar os diferentes agentes SSI, que foram demonstradas através de algumas aplicações proof of concept

PKI Scalability Issues

This report surveys different PKI technologies such as PKIX and SPKI and the issues of PKI that affect scalability. Much focus is spent on certificate revocation methodologies and status verification systems such as CRLs, Delta-CRLs, CRS, Certificate Revocation Trees, Windowed Certificate Revocation, OCSP, SCVP and DVCS.Comment: 23 pages, 2 figure

EMI Security Architecture

This document describes the various architectures of the three middlewares that comprise the EMI software stack. It also outlines the common efforts in the security area that allow interoperability between these middlewares. The assessment of the EMI Security presented in this document was performed internally by members of the Security Area of the EMI project

Data Minimisation in Communication Protocols: A Formal Analysis Framework and Application to Identity Management

With the growing amount of personal information exchanged over the Internet, privacy is becoming more and more a concern for users. One of the key principles in protecting privacy is data minimisation. This principle requires that only the minimum amount of information necessary to accomplish a certain goal is collected and processed. "Privacy-enhancing" communication protocols have been proposed to guarantee data minimisation in a wide range of applications. However, currently there is no satisfactory way to assess and compare the privacy they offer in a precise way: existing analyses are either too informal and high-level, or specific for one particular system. In this work, we propose a general formal framework to analyse and compare communication protocols with respect to privacy by data minimisation. Privacy requirements are formalised independent of a particular protocol in terms of the knowledge of (coalitions of) actors in a three-layer model of personal information. These requirements are then verified automatically for particular protocols by computing this knowledge from a description of their communication. We validate our framework in an identity management (IdM) case study. As IdM systems are used more and more to satisfy the increasing need for reliable on-line identification and authentication, privacy is becoming an increasingly critical issue. We use our framework to analyse and compare four identity management systems. Finally, we discuss the completeness and (re)usability of the proposed framework