1,353 research outputs found
Edge-Assisted Vehicular Networks Security.
PolĂtica de acceso abierto tomada de: https://v2.sherpa.ac.uk/id/publication/29486?template=romeoEdge Computing paradigms are expected to solve
some major problems affecting current application scenarios that
rely on Cloud computing resources to operate. These novel
paradigms will bring computational resources closer to the users
and by doing so they will not only reduce network latency and
bandwidth utilization but will also introduce some attractive
context-awareness features to these systems. In this paper we
show how the enticing features introduced by Edge Computing
paradigms can be exploited to improve security and privacy in
the critical scenario of vehicular networks (VN), especially
existing authentication and revocation issues. In particular, we
analyze the security challenges in VN and describe three
deployment models for vehicular edge computing, which refrain
from using vehicular-to-vehicular communications. The result is
that the burden imposed to vehicles is considerably reduced
without sacrificing the security or functional features expected in
vehicular scenarios
A Practical Set-Membership Proof for Privacy-Preserving NFC Mobile Ticketing
To ensure the privacy of users in transport systems, researchers are working
on new protocols providing the best security guarantees while respecting
functional requirements of transport operators. In this paper, we design a
secure NFC m-ticketing protocol for public transport that preserves users'
anonymity and prevents transport operators from tracing their customers' trips.
To this end, we introduce a new practical set-membership proof that does not
require provers nor verifiers (but in a specific scenario for verifiers) to
perform pairing computations. It is therefore particularly suitable for our
(ticketing) setting where provers hold SIM/UICC cards that do not support such
costly computations. We also propose several optimizations of Boneh-Boyen type
signature schemes, which are of independent interest, increasing their
performance and efficiency during NFC transactions. Our m-ticketing protocol
offers greater flexibility compared to previous solutions as it enables the
post-payment and the off-line validation of m-tickets. By implementing a
prototype using a standard NFC SIM card, we show that it fulfils the stringent
functional requirement imposed by transport operators whilst using strong
security parameters. In particular, a validation can be completed in 184.25 ms
when the mobile is switched on, and in 266.52 ms when the mobile is switched
off or its battery is flat
Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments
Decentralized systems are a subset of distributed systems where multiple
authorities control different components and no authority is fully trusted by
all. This implies that any component in a decentralized system is potentially
adversarial. We revise fifteen years of research on decentralization and
privacy, and provide an overview of key systems, as well as key insights for
designers of future systems. We show that decentralized designs can enhance
privacy, integrity, and availability but also require careful trade-offs in
terms of system complexity, properties provided, and degree of
decentralization. These trade-offs need to be understood and navigated by
designers. We argue that a combination of insights from cryptography,
distributed systems, and mechanism design, aligned with the development of
adequate incentives, are necessary to build scalable and successful
privacy-preserving decentralized systems
Self-sovereign identity decentralized identifiers, claims and credentials using non decentralized ledger technology
Dissertação de mestrado integrado em Engenharia InformĂĄticaCurrent identity management systems rely on centralized databases to store userâs personal data, which poses
a great risks for data security, as these infrastructure create a critical point of failure for the whole system. Beside
that service providers have to bear huge maintenance costs and comply with strict data protection regulations.
Self-sovereign identity (SSI) is a new identity management paradigm that tries to answer some of these
problems by providing a decentralized user-centric identity management system that gives users full control of
their personal data. Some of its underlying concepts include Decentralized Identifiers (DIDs), Verifiable Claims
and Credentials. This approach does not rely on any central authority to enforce trust as it often uses Blockchain
or other Decentralized Ledger Technologies (DLT) as the trust anchor of the system, although other decentralized
network or databases could also be used for the same purpose.
This thesis focuses on finding alternative solutions to DLT, in the context of SSI. Despite being the most used
solution some DLTs are known to lack scalability and performance, and since a global identity management
system heavily relies on these two requirements it might not be the best solution to the problem.
This document provides an overview of the state of the art and main standards of SSI, and then focuses on
a non-DLT approach to SSI, referencing non-DLT implementations and alternative decentralized infrastructures
that can be used to replace DLTs in SSI. It highlights some of the limitations associated with using DLTs for
identity management and presents a SSI framework based on decentralized names systems and networks. This
framework couples all the main functionalities needed to create different SSI agents, which were showcased in
a proof of concept application.Actualmente os sistemas de gestĂŁo de identidade digital estĂŁo dependentes de bases de dados centralizadas
para o armazenamento de dados pessoais dos seus utilizadores. Isto representa um elevado risco de segurança,
uma vez que estas infra-estruturas representam um ponto crĂtico de falha para todo o sistema. Para alĂ©m disso
os service providers tĂȘm que suportam elevados custos de manutenção para armazenar toda esta informaçao
e ainda são obrigados a cumprir as normas de protecção de dados existentes.
Self-sovereign identity (SSI) Ă© um novo paradigma de identidade digital que tenta dar resposta a alguns destes
problemas, criando um sistema focado no utilizador e totalmente descentralizado que oferece aos utilizadores
total controlo sobre os seus dados pessoais. Alguns dos conceitos subjacentes incluem Decentalized Identifiers
(DIDs), Verifiable Credentials e Presentations. Esta abordagem nĂŁo depende de qualquer autoridade central
para estabelecer confiança, dado que utiliza Blockchains ou outras Decentralized Ledger Technilogies (DLT)
como ùncora de confiança do sistema. No entanto outras redes ou bases de dados descentralizadas podem
também ser utilizadas para alcançar o mesmo objectivo.
Esta tese concentra-se em encontrar soluçÔes alternativas para a DLT no ùmbito da SSI. Apesar de esta ser
a solução mais utilizada, sabe-se que algumas DLTs carecem de escalabilidade e desempenho. Sendo que um
sistema de identidade digital com abrangĂȘncia global dependerĂĄ bastante destes dois requisitos, esta pode nĂŁo
ser a melhor solução.
Este documento fornece uma visĂŁo geral do estado da arte e principais standards da SSI, focando-se de
seguida numa abordagem nĂŁo DLT, que inclui uma breve referĂȘncia a implementaçÔes nĂŁo-DLT e tecnologias
alternativas que poderĂŁo ser utilizadas para substituir as DLTs na SSI. Alem disso aborda algumas das principais
limitaçÔes associadas ao uso de DLTs na gestão de identidades digitais e apresenta uma framework baseada
em name systems e redes descentralizadas. Esta framework inclui as principais funcionalidades necessĂĄrias
para implementar os diferentes agentes SSI, que foram demonstradas através de algumas aplicaçÔes proof of
concept
PKI Scalability Issues
This report surveys different PKI technologies such as PKIX and SPKI and the
issues of PKI that affect scalability. Much focus is spent on certificate
revocation methodologies and status verification systems such as CRLs,
Delta-CRLs, CRS, Certificate Revocation Trees, Windowed Certificate Revocation,
OCSP, SCVP and DVCS.Comment: 23 pages, 2 figure
EMI Security Architecture
This document describes the various architectures of the three middlewares that comprise the EMI software stack. It also outlines the common efforts in the security area that allow interoperability between these middlewares. The assessment of the EMI Security presented in this document was performed internally by members of the Security Area of the EMI project
Data Minimisation in Communication Protocols: A Formal Analysis Framework and Application to Identity Management
With the growing amount of personal information exchanged over the Internet,
privacy is becoming more and more a concern for users. One of the key
principles in protecting privacy is data minimisation. This principle requires
that only the minimum amount of information necessary to accomplish a certain
goal is collected and processed. "Privacy-enhancing" communication protocols
have been proposed to guarantee data minimisation in a wide range of
applications. However, currently there is no satisfactory way to assess and
compare the privacy they offer in a precise way: existing analyses are either
too informal and high-level, or specific for one particular system. In this
work, we propose a general formal framework to analyse and compare
communication protocols with respect to privacy by data minimisation. Privacy
requirements are formalised independent of a particular protocol in terms of
the knowledge of (coalitions of) actors in a three-layer model of personal
information. These requirements are then verified automatically for particular
protocols by computing this knowledge from a description of their
communication. We validate our framework in an identity management (IdM) case
study. As IdM systems are used more and more to satisfy the increasing need for
reliable on-line identification and authentication, privacy is becoming an
increasingly critical issue. We use our framework to analyse and compare four
identity management systems. Finally, we discuss the completeness and
(re)usability of the proposed framework
- âŠ