835 research outputs found
Colliding X.509 Certificates
We announce the construction of a pair of valid X.509 certificates with identical signatures
An Evaluated Certification Services System for the German National Root CA - Legally Binding and Trustworthy Transactions in E-Business and E-Government
National Root CAs enable legally binding E-Business and E-Government
transactions. This is a report about the development, the evaluation and the
certification of the new certification services system for the German National
Root CA. We illustrate why a new certification services system was necessary,
and which requirements to the new system existed. Then we derive the tasks to
be done from the mentioned requirements. After that we introduce the initial
situation at the beginning of the project. We report about the very process and
talk about some unfamiliar situations, special approaches and remarkable
experiences. Finally we present the ready IT system and its impact to
E-Business and E-Government.Comment: 6 pages; 1 figure; IEEE style; final versio
Chosen-Prefix Collisions for MD5 and Applications
We present a novel, automated way to find differential paths for MD5.
Its main application is in the construction of \emph{chosen-prefix collisions}.
We have shown how, at an approximate expected cost of
calls to the MD5 compression function, for any two chosen message
prefixes and , suffixes and can be constructed such that
the concatenated values and collide under MD5.
The practical attack potential of this construction
of chosen-prefix collisions is of greater concern
than the MD5-collisions that were published before. This is illustrated by
a pair of MD5-based X.509 certificates one of which was signed by a
commercial Certification Authority (CA) as a legitimate website certificate,
while the other one is a certificate for a rogue CA that is entirely
under our control (cf.\ \url{http://www.win.tue.nl/hashclash/rogue-ca/}).
Other examples, such as MD5-colliding executables, are presented as well.
More details can be found on
\url{http://www.win.tue.nl/hashclash/ChosenPrefixCollisions/}
Security Issues of the Digital Certificates within Public Key Infrastructures
The paper presents the basic byte level interpretation of an X.509 v3 digital certificate according to ASN.1 DER/BER encoding. The reasons for byte level analysis are various and important. For instance, a research paper has mentioned how a PKI security may be violated by MD5 collision over information from the certificates. In order to develop further studies on the topic a serious knowledge about certificate structure is necessary.digital certificates, certificates authority, ASN.1 DER/BER, PKI
SciTokens: Capability-Based Secure Access to Remote Scientific Data
The management of security credentials (e.g., passwords, secret keys) for
computational science workflows is a burden for scientists and information
security officers. Problems with credentials (e.g., expiration, privilege
mismatch) cause workflows to fail to fetch needed input data or store valuable
scientific results, distracting scientists from their research by requiring
them to diagnose the problems, re-run their computations, and wait longer for
their results. In this paper, we introduce SciTokens, open source software to
help scientists manage their security credentials more reliably and securely.
We describe the SciTokens system architecture, design, and implementation
addressing use cases from the Laser Interferometer Gravitational-Wave
Observatory (LIGO) Scientific Collaboration and the Large Synoptic Survey
Telescope (LSST) projects. We also present our integration with widely-used
software that supports distributed scientific computing, including HTCondor,
CVMFS, and XrootD. SciTokens uses IETF-standard OAuth tokens for
capability-based secure access to remote scientific data. The access tokens
convey the specific authorizations needed by the workflows, rather than
general-purpose authentication impersonation credentials, to address the risks
of scientific workflows running on distributed infrastructure including NSF
resources (e.g., LIGO Data Grid, Open Science Grid, XSEDE) and public clouds
(e.g., Amazon Web Services, Google Cloud, Microsoft Azure). By improving the
interoperability and security of scientific workflows, SciTokens 1) enables use
of distributed computing for scientific domains that require greater data
protection and 2) enables use of more widely distributed computing resources by
reducing the risk of credential abuse on remote systems.Comment: 8 pages, 6 figures, PEARC '18: Practice and Experience in Advanced
Research Computing, July 22--26, 2018, Pittsburgh, PA, US
Chosen-prefix collisions for MD5 and applications
We present a novel, automated way to find differential paths for MD5. Its main application is in the construction of chosen-prefix collisions. We have shown how, at an approximate expected cost of 239 calls to the MD5 compression function, for any two chosen message prefixes P and P', suffixes S and S' can be constructed such that the concatenated values P||S and P'||S' collide under MD5. The practical attack potential of this construction of chosen-prefix collisions is of greater concern than the MD5-collisions that were published before. This is illustrated by a pair of MD5-based X.509 certificates one of which was signed by a commercial Certification Authority (CA) as a legitimate website certificate, while the other one is a certificate for a rogue CA that is entirely under our control (cf. http://www.win.tue.nl/hashclash/rogue-ca/). Other examples, such as MD5-colliding executables, are presented as well. More details can be found on http://www.win.tue.nl/hashclash/ChosenPrefixCollisions/
Safety Barrier Certificates for Heterogeneous Multi-Robot Systems
This paper presents a formal framework for collision avoidance in multi-robot
systems, wherein an existing controller is modified in a minimally invasive
fashion to ensure safety. We build this framework through the use of control
barrier functions (CBFs) which guarantee forward invariance of a safe set;
these yield safety barrier certificates in the context of heterogeneous robot
dynamics subject to acceleration bounds. Moreover, safety barrier certificates
are extended to a distributed control framework, wherein neighboring agent
dynamics are unknown, through local parameter identification. The end result is
an optimization-based controller that formally guarantees collision free
behavior in heterogeneous multi-agent systems by minimally modifying the
desired controller via safety barrier constraints. This formal result is
verified in simulation on a multi-robot system consisting of both cumbersome
and agile robots, is demonstrated experimentally on a system with a Magellan
Pro robot and three Khepera III robots.Comment: 8 pages version of 2016ACC conference paper, experimental results
adde
- …