713 research outputs found
DTKI: a new formalized PKI with no trusted parties
The security of public key validation protocols for web-based applications
has recently attracted attention because of weaknesses in the certificate
authority model, and consequent attacks.
Recent proposals using public logs have succeeded in making certificate
management more transparent and verifiable. However, those proposals involve a
fixed set of authorities. This means an oligopoly is created. Another problem
with current log-based system is their heavy reliance on trusted parties that
monitor the logs.
We propose a distributed transparent key infrastructure (DTKI), which greatly
reduces the oligopoly of service providers and allows verification of the
behaviour of trusted parties. In addition, this paper formalises the public log
data structure and provides a formal analysis of the security that DTKI
guarantees.Comment: 19 page
Certificate Transparency with Enhancements and Short Proofs
Browsers can detect malicious websites that are provisioned with forged or
fake TLS/SSL certificates. However, they are not so good at detecting malicious
websites if they are provisioned with mistakenly issued certificates or
certificates that have been issued by a compromised certificate authority.
Google proposed certificate transparency which is an open framework to monitor
and audit certificates in real time. Thereafter, a few other certificate
transparency schemes have been proposed which can even handle revocation. All
currently known constructions use Merkle hash trees and have proof size
logarithmic in the number of certificates/domain owners.
We present a new certificate transparency scheme with short (constant size)
proofs. Our construction makes use of dynamic bilinear-map accumulators. The
scheme has many desirable properties like efficient revocation, low
verification cost and update costs comparable to the existing schemes. We
provide proofs of security and evaluate the performance of our scheme.Comment: A preliminary version of the paper was published in ACISP 201
Certificate Transparency with Enhancements and Short Proofs
Browsers can detect malicious websites that are provisioned with forged or
fake TLS/SSL certificates. However, they are not so good at detecting malicious
websites if they are provisioned with mistakenly issued certificates or
certificates that have been issued by a compromised certificate authority.
Google proposed certificate transparency which is an open framework to monitor
and audit certificates in real time. Thereafter, a few other certificate
transparency schemes have been proposed which can even handle revocation. All
currently known constructions use Merkle hash trees and have proof size
logarithmic in the number of certificates/domain owners.
We present a new certificate transparency scheme with short (constant size)
proofs. Our construction makes use of dynamic bilinear-map accumulators. The
scheme has many desirable properties like efficient revocation, low
verification cost and update costs comparable to the existing schemes. We
provide proofs of security and evaluate the performance of our scheme.Comment: A preliminary version of the paper was published in ACISP 201
The Audit Logic: Policy Compliance in Distributed Systems
We present a distributed framework where agents can share data along with usage policies. We use an expressive policy language including conditions, obligations and delegation. Our framework also supports the possibility to refine policies. Policies are not enforced a-priori. Instead policy compliance is checked using an a-posteriri auditing approach. Policy compliance is shown by a (logical) proof that the authority can systematically check for validity. Tools for automatically checking and generating proofs are also part of the framework.\u
Audit-based Compliance Control (AC2) for EHR Systems
Traditionally, medical data is stored and processed using paper-based files. Recently, medical facilities have started to store, access and exchange medical data in digital form. The drivers for this change are mainly demands for cost reduction, and higher quality of health care. The main concerns when dealing with medical data are availability and confidentiality. Unavailability (even temporary) of medical data is expensive. Physicians may not be able to diagnose patients correctly, or they may have to repeat exams, adding to the overall costs of health care. In extreme cases availability of medical data can even be a matter of life or death. On the other hand, confidentiality of medical data is also important. Legislation requires medical facilities to observe the privacy of the patients, and states that patients have a final say on whether or not their medical data can be processed or not. Moreover, if physicians, or their EHR systems, are not trusted by the patients, for instance because of frequent privacy breaches, then patients may refuse to submit (correct) information, complicating the work of the physicians greatly. \ud
\ud
In traditional data protection systems, confidentiality and availability are conflicting requirements. The more data protection methods are applied to shield data from outsiders the more likely it becomes that authorized persons will not get access to the data in time. Consider for example, a password verification service that is temporarily not available, an access pass that someone forgot to bring, and so on. In this report we discuss a novel approach to data protection, Audit-based Compliance Control (AC2), and we argue that it is particularly suited for application in EHR systems. In AC2, a-priori access control is minimized to the mere authentication of users and objects, and their basic authorizations. More complex security procedures, such as checking user compliance to policies, are performed a-posteriori by using a formal and automated auditing mechanism. To support our claim we discuss legislation concerning the processing of health records, and we formalize a scenario involving medical personnel and a basic EHR system to show how AC2 can be used in practice. \ud
\ud
This report is based on previous work (Dekker & Etalle 2006) where we assessed the applicability of a-posteriori access control in a health care scenario. A more technically detailed article about AC2 recently appeared in the IJIS journal, where we focussed however on collaborative work environments (Cederquist, Corin, Dekker, Etalle, & Hartog, 2007). In this report we first provide background and related work before explaining the principal components of the AC2 framework. Moreover we model a detailed EHR case study to show its operation in practice. We conclude by discussing how this framework meets current trends in healthcare and by highlighting the main advantages and drawbacks of using an a-posteriori access control mechanism as opposed to more traditional access control mechanisms
Data Minimisation in Communication Protocols: A Formal Analysis Framework and Application to Identity Management
With the growing amount of personal information exchanged over the Internet,
privacy is becoming more and more a concern for users. One of the key
principles in protecting privacy is data minimisation. This principle requires
that only the minimum amount of information necessary to accomplish a certain
goal is collected and processed. "Privacy-enhancing" communication protocols
have been proposed to guarantee data minimisation in a wide range of
applications. However, currently there is no satisfactory way to assess and
compare the privacy they offer in a precise way: existing analyses are either
too informal and high-level, or specific for one particular system. In this
work, we propose a general formal framework to analyse and compare
communication protocols with respect to privacy by data minimisation. Privacy
requirements are formalised independent of a particular protocol in terms of
the knowledge of (coalitions of) actors in a three-layer model of personal
information. These requirements are then verified automatically for particular
protocols by computing this knowledge from a description of their
communication. We validate our framework in an identity management (IdM) case
study. As IdM systems are used more and more to satisfy the increasing need for
reliable on-line identification and authentication, privacy is becoming an
increasingly critical issue. We use our framework to analyse and compare four
identity management systems. Finally, we discuss the completeness and
(re)usability of the proposed framework
- …