4,048 research outputs found
Cryptanalysis of the RSA-CEGD protocol
Recently, Nenadi\'c et al. (2004) proposed the RSA-CEGD protocol for
certified delivery of e-goods. This is a relatively complex scheme based on
verifiable and recoverable encrypted signatures (VRES) to guarantee properties
such as strong fairness and non-repudiation, among others. In this paper, we
demonstrate how this protocol cannot achieve fairness by presenting a severe
attack and also pointing out some other weaknesses.Comment: 8 pages, 1 figur
The Horcrux Protocol: A Method for Decentralized Biometric-based Self-sovereign Identity
Most user authentication methods and identity proving systems rely on a
centralized database. Such information storage presents a single point of
compromise from a security perspective. If this system is compromised it poses
a direct threat to users' digital identities. This paper proposes a
decentralized authentication method, called the Horcrux protocol, in which
there is no such single point of compromise. The protocol relies on
decentralized identifiers (DIDs) under development by the W3C Verifiable Claims
Community Group and the concept of self-sovereign identity. To accomplish this,
we propose specification and implementation of a decentralized biometric
credential storage option via blockchains using DIDs and DID documents within
the IEEE 2410-2017 Biometric Open Protocol Standard (BOPS)
Public Evidence from Secret Ballots
Elections seem simple---aren't they just counting? But they have a unique,
challenging combination of security and privacy requirements. The stakes are
high; the context is adversarial; the electorate needs to be convinced that the
results are correct; and the secrecy of the ballot must be ensured. And they
have practical constraints: time is of the essence, and voting systems need to
be affordable and maintainable, and usable by voters, election officials, and
pollworkers. It is thus not surprising that voting is a rich research area
spanning theory, applied cryptography, practical systems analysis, usable
security, and statistics. Election integrity involves two key concepts:
convincing evidence that outcomes are correct and privacy, which amounts to
convincing assurance that there is no evidence about how any given person
voted. These are obviously in tension. We examine how current systems walk this
tightrope.Comment: To appear in E-Vote-Id '1
A Mediated Definite Delegation Model allowing for Certified Grid Job Submission
Grid computing infrastructures need to provide traceability and accounting of
their users" activity and protection against misuse and privilege escalation. A
central aspect of multi-user Grid job environments is the necessary delegation
of privileges in the course of a job submission. With respect to these generic
requirements this document describes an improved handling of multi-user Grid
jobs in the ALICE ("A Large Ion Collider Experiment") Grid Services. A security
analysis of the ALICE Grid job model is presented with derived security
objectives, followed by a discussion of existing approaches of unrestricted
delegation based on X.509 proxy certificates and the Grid middleware gLExec.
Unrestricted delegation has severe security consequences and limitations, most
importantly allowing for identity theft and forgery of delegated assignments.
These limitations are discussed and formulated, both in general and with
respect to an adoption in line with multi-user Grid jobs. Based on the
architecture of the ALICE Grid Services, a new general model of mediated
definite delegation is developed and formulated, allowing a broker to assign
context-sensitive user privileges to agents. The model provides strong
accountability and long- term traceability. A prototype implementation allowing
for certified Grid jobs is presented including a potential interaction with
gLExec. The achieved improvements regarding system security, malicious job
exploitation, identity protection, and accountability are emphasized, followed
by a discussion of non- repudiation in the face of malicious Grid jobs
Glossary of International Climate Policy Terms
Environmental Economics and Policy,
- …