114 research outputs found

    Auditable secure network overlays for multi-domain distributed applications

    The push for data sharing and data processing across organisational boundaries creates challenges at many levels of the software stack. Data sharing and processing rely on the participating parties agreeing on the permissible operations and expressing them into actionable contracts and policies. Converting these contracts and policies into an operational infrastructure is still a matter of research and therefore begs the question: what should a digital data market place infrastructure look like? In this paper we investigate how communication fabric and applications can be tightly coupled into a multi-domain overlay network which enforces accountability. We prove our concepts with a prototype which shows how a simple workflow can run across organisational boundaries.

    Distributed Access Control with Blockchain

    The specification and enforcement of network-wide policies in a single administrative domain is common in today's networks and considered as already resolved. However, this is not the case for multi-administrative domains, e.g. among different enterprises. In such a situation, new problems arise that challenge classical solutions such as PKIs, which suffer from scalability and granularity concerns. In this paper, we present an extension to Group-Based Policy -- a widely used network policy language -- for the aforementioned scenario. To do so, we take advantage of a permissioned blockchain implementation (Hyperledger Fabric) to distribute access control policies in a secure and auditable manner, preserving at the same time the independence of each organization. Network administrators specify policies that are rendered into blockchain transactions. A LISP control plane (RFC 6830) allows routers performing the access control to query the blockchain for authorizations. We have implemented an end-to-end experimental prototype and evaluated it in terms of scalability and network latency. Comment: 7 pages, 9 figures, 2 table

    Distributed Space Traffic Management Solutions with Emerging New Space Industry

    Day-to-day services, from weather forecast to logistics, rely on space-based infrastructures whose integrity is crucial to stakeholders and end-users worldwide. Current trends point towards congestion of the near-Earth space environment increasing at a rate greater than existing systems support, and thus demand novel cost-efficient approaches to traffic detection, characterization, tracking, and management to ensure space remains a safe, integral part of societies and economies worldwide. Whereas machine-learning (ML) and artificial intelligence (AI) have been extensively proposed to address congestion and alleviate big-data problems of the future, little has been done so far to tackle the need for transnational coordination and conflict-resolution in the context of space traffic management (STM). In STM, there is an ever-growing need for distributing information and coordinating actions (e.g., avoidance manoeuvres) to reduce the operational costs borne by individual entities and to decrease the latencies of actionable responses taken upon the detection of hazardous conditions by one-to-two orders of magnitude. However, these needs are not exclusive to STM, as evidenced by the widespread adoption of solutions to distributing, coordinating, and automating actions in other industries such as air traffic management (ATM), where a short-range airborne collision avoidance system (ACAS) automatically coordinates evasive manoeuvres whenever a conjunction is detected. Within this context, this paper aims at establishing a roadmap of promising technologies (e.g., blockchain), protocols and processes that could be adapted from different domains (railway, automotive, aerial, and maritime) to build an integrated traffic coordination and communication architecture to simplify and harmonise stakeholders’ satellite operations. This paper is organised into seven sections. First, Section 1 introduces the problem of STM, highlighting its complexity. 
    Following this introduction, Section 2 discusses needs and requirements of various stakeholders such as commercial operators, space situational awareness (SSA) service providers, launch-service providers, satellite and constellation owners, governmental agencies, regulators, and insurance companies. Then, Section 3 addresses existing gaps and challenges in STM, focusing on globally coordinated approaches. Next, Section 4 reviews technologies for distributed, secure, and persistent communications, and proposed solutions to address some of these challenges from non-space sectors. Thereafter, Section 5 briefly covers the history of STM proposals and presents the state-of-the-art solution being proposed for modern STM. Following this review, Section 6 devises a step-by-step plan for exploiting and deploying some of the identified technologies within a five-to-ten-year timeline to close several existing gaps. Finally, Section 7 concludes the paper.

    T3AB: Transparent and Trustworthy Third-party Authority using Blockchain

    Increasingly, information systems rely on computational, storage, and network resources deployed in third-party facilities or are supported by service providers. Such an approach further exacerbates cybersecurity concerns constantly raised by numerous incidents of security and privacy attacks resulting in data leakage and identity theft, among others. These have in turn forced the creation of stricter security and privacy related regulations and have eroded the trust in cyberspace. In particular, security related services and infrastructures such as Certificate Authorities (CAs) that provide digital certificate service and Third-Party Authorities (TPAs) that provide cryptographic key services, are critical components for establishing trust in Internet enabled applications and services. To address such trust issues, various transparency frameworks and approaches have been recently proposed in the literature. In this paper, we propose a Transparent and Trustworthy TPA using Blockchain (T3AB) to provide transparency and accountability to the trusted third-party entities, such as honest-but-curious third-party IaaS servers, and coordinators in various privacy-preserving machine learning (PPML) approaches. T3AB employs the Ethereum blockchain as the underlying public ledger and also includes a novel smart contract to automate accountability with an incentive mechanism that motivates participants to participate in auditing, and punishes unintentional or malicious behaviors. We implement T3AB, and show through experimental evaluation in the Ethereum official test network, Rinkeby, that the framework is efficient. We also formally show the security guarantee provided by T3AB, and analyze the privacy guarantee and trustworthiness it provides.

    Foundations, Properties, and Security Applications of Puzzles: A Survey

    Cryptographic algorithms have been used not only to create robust ciphertexts but also to generate cryptograms that, contrary to the classic goal of cryptography, are meant to be broken. These cryptograms, generally called puzzles, require the use of a certain amount of resources to be solved, hence introducing a cost that is often regarded as a time delay---though it could involve other metrics as well, such as bandwidth. These powerful features have made puzzles the core of many security protocols, acquiring increasing importance in the IT security landscape. The concept of a puzzle has subsequently been extended to other types of schemes that do not use cryptographic functions, such as CAPTCHAs, which are used to discriminate humans from machines. Overall, puzzles have experienced a renewed interest with the advent of Bitcoin, which uses a CPU-intensive puzzle as proof of work. In this paper, we provide a comprehensive study of the most important puzzle construction schemes available in the literature, categorizing them according to several attributes, such as resource type, verification type, and applications. We have redefined the term puzzle by collecting and integrating the scattered notions used in different works, to cover all the existing applications. Moreover, we provide an overview of the possible applications, identifying key requirements and different design approaches. Finally, we highlight the features and limitations of each approach, providing a useful guide for the future development of new puzzle schemes. Comment: This article has been accepted for publication in ACM Computing Survey

    Analysis of current middleware used in peer-to-peer and grid implementations for enhancement by catallactic mechanisms

    This deliverable describes the work done in task 3.1, Middleware analysis: Analysis of current middleware used in peer-to-peer and grid implementations for enhancement by catallactic mechanisms from work package 3, Middleware Implementation. The document is divided into four parts: The introduction with application scenarios and middleware requirements, Catnets middleware architecture, evaluation of existing middleware toolkits, and conclusions. -- The work defines requirements for grid and peer-to-peer middleware architectures and analyses them for their suitability for the prototypical implementation of catallaxy. A middleware architecture for implementing catallaxy in application layer networks is presented. Grid Computing

    Proof-of-Concept Application - Annual Report Year 1

    In this document the Cat-COVITE Application for use in the CATNETS Project is introduced and motivated. Furthermore an introduction to the catallactic middleware and Web Services Agreement (WS-Agreement) concepts is given as a basis for the future work. Requirements for the application of Cat-COVITE within catallactic systems are analysed. Finally the integration of the Cat-COVITE application and the catallactic middleware is described. -- Grid Computing

    Reflections on the 30th Anniversary of the IEEE Symposium on Security and Privacy

    Peter G. Neumann, Matt Bishop, Sean Peisert, and Marv Schaefer, "Reflections on the 30th Anniversary of the IEEE Symposium on Security and Privacy," Proceedings of the 31st IEEE Symposium on Security and Privacy, pp. 3–13, Oakland/Berkeley, CA, May 16–19, 2010