1,450 research outputs found

    Validating a Web Service Security Abstraction by Typing

    An XML web service is, to a first approximation, an RPC service in which requests and responses are encoded in XML as SOAP envelopes, and transported over HTTP. We consider the problem of authenticating requests and responses at the SOAP-level, rather than relying on transport-level security. We propose a security abstraction, inspired by earlier work on secure RPC, in which the methods exported by a web service are annotated with one of three security levels: none, authenticated, or both authenticated and encrypted. We model our abstraction as an object calculus with primitives for defining and calling web services. We describe the semantics of our object calculus by translating to a lower-level language with primitives for message passing and cryptography. To validate our semantics, we embed correspondence assertions that specify the correct authentication of requests and responses. By appeal to the type theory for cryptographic protocols of Gordon and Jeffrey's Cryptyc, we verify the correspondence assertions simply by typing. Finally, we describe an implementation of our semantics via custom SOAP headers. Comment: 44 pages. A preliminary version appears in the Proceedings of the Workshop on XML Security 2002, pp. 18-29, November 200

    Secure Authentication and Privacy-Preserving Techniques in Vehicular Ad-hoc NETworks (VANETs)

    In the last decade, there has been growing interest in Vehicular Ad Hoc NETworks (VANETs). Today car manufacturers have already started to equip vehicles with sophisticated sensors that can provide many assistive features such as front collision avoidance, automatic lane tracking, partial autonomous driving, suggestive lane changing, and so on. Such technological advancements are enabling the adoption of VANETs not only to provide safer and more comfortable driving experience but also provide many other useful services to the driver as well as passengers of a vehicle. However, privacy, authentication and secure message dissemination are some of the main issues that need to be thoroughly addressed and solved for the widespread adoption/deployment of VANETs. Given the importance of these issues, researchers have spent a lot of effort in these areas over the last decade. We present an overview of the following issues that arise in VANETs: privacy, authentication, and secure message dissemination. Then we present a comprehensive review of various solutions proposed in the last 10 years which address these issues. Our survey sheds light on some open issues that need to be addressed in the future.

    Cost-effective secure e-health cloud system using identity based cryptographic techniques

    Nowadays E-health cloud systems are more and more widely employed. However the security of these systems needs more consideration for the sensitive health information of patients. Some protocols on how to secure the e-health cloud system have been proposed, but many of them use the traditional PKI infrastructure to implement cryptographic mechanisms, which is cumbersome for they require every user having and remembering its own public/private keys. Identity based encryption (IBE) is a cryptographic primitive which uses the identity information of the user (e.g., email address) as the public key. Hence the public key is implicitly authenticated and the certificate management is simplified. Proxy re-encryption is another cryptographic primitive which aims at transforming a ciphertext under the delegator A into another ciphertext which can be decrypted by the delegatee B. In this paper, we describe several identity related cryptographic techniques for securing E-health system, which include new IBE schemes, new identity based proxy re-encryption (IBPRE) schemes. We also prove these schemes’ security and give the performance analysis, the results show our IBPRE scheme is especially highly efficient for re-encryption, which can be used to achieve cost-effective cloud usage. Peer Reviewed. Postprint (author's final draft)

    Secure and privacy-aware proxy mobile IPv6 protocol for vehicle-to-grid networks

    Vehicle-to-Grid (V2G) networks have emerged as a new communication paradigm between Electric Vehicles (EVs) and the Smart Grid (SG). In order to ensure seamless communications between mobile EVs and the electric vehicle supply equipment, the support of ubiquitous and transparent mobile IP communications is essential in V2G networks. However, enabling mobile IP communications raises real concerns about the possibility of tracking the locations of connected EVs through their mobile IP addresses. In this paper, we employ certificate-less public key cryptography in synergy with the restrictive partially blind signature technique to construct a secure and privacy-aware proxy mobile IPv6 (SP-PMIPv6) protocol for V2G networks. SP-PMIPv6 achieves low authentication latency while protecting the identity and location privacy of the mobile EV. We evaluate the SP-PMIPv6 protocol in terms of its authentication overhead and the information-theoretic uncertainty derived by the mutual information metric to show the high level of achieved anonymity.

    Transparent Encryption for IoT using Offline Key Exchange over Public Blockchains

    Internet of Things (IoTs) framework involves a wide range of computing devices that rely on cloud storage for various applications. For instance, monitoring, analytics, surveillance and storing data for later processing within other applications. Due to compliance with security standards and trust issues with third-party cloud storage servers, the IoT data has to be encrypted before moving it to cloud server for storage. However, a major concern with uploading encrypted IoT data to cloud is the management of encryption keys and managing access policies to data. There are several techniques that can be used for storing cryptographic keys used for encryption/decryption of data. For instance, the keys can be stored with encrypted data on the cloud, a third-party key storage vault can be used for storing keys or the keys can stay with client so that they could download and decrypt the data by themselves. In case of encryption keys leakage, the data stored on the cloud storage could be compromised. To resolve the challenge of key management and secure access to data in third-party cloud storage, an end-to-end transparent encryption model has been proposed that securely publishes the cryptographic keys in a blockchain ledger. The data is encrypted at edge gateway before it is transmitted to cloud for storage. The user does not require cryptographic keys to access data; a seamless process involves the client proving their identity to a crypto proxy agent built upon zero trust security principles, ensuring continuous verification.

    BICRYPTO: An Efficient System to Enhance a Security Protection

    In this paper, we propose a two factor data security protection mechanism with factor revocability for cloud storage system. We leverage two different encryption technologies. One is IBE (Identity Based Encryption) and other is PKE (Public Key Encryption). This can be done by the cloud server which will immediately execute some algorithms. Many techniques effectively provide the security for cloud storage data. During transmission of data in cloud environment, encryption is an efficient and widely used technique for data security. It can be done by public key, private and other identical information between the sender and receiver. The security and efficiency analysis show that system is not only secure but also practical.