2,048 research outputs found
Cryptographically Secure Information Flow Control on Key-Value Stores
We present Clio, an information flow control (IFC) system that transparently
incorporates cryptography to enforce confidentiality and integrity policies on
untrusted storage. Clio insulates developers from explicitly manipulating keys
and cryptographic primitives by leveraging the policy language of the IFC
system to automatically use the appropriate keys and correct cryptographic
operations. We prove that Clio is secure with a novel proof technique that is
based on a proof style from cryptography together with standard programming
languages results. We present a prototype Clio implementation and a case study
that demonstrates Clio's practicality.Comment: Full version of conference paper appearing in CCS 201
An Analysis and Enumeration of the Blockchain and Future Implications
The blockchain is a relatively new technology that has grown in interest and potential research since its inception. Blockchain technology is dominated by cryptocurrency in terms of usage. Research conducted in the past few years, however, reveals blockchain has the potential to revolutionize several different industries. The blockchain consists of three major technologies: a peer-to-peer network, a distributed database, and asymmetrically encrypted transactions. The peer-to-peer network enables a decentralized, consensus-based network structure where various nodes contribute to the overall network performance. A distributed database adds additional security and immutability to the network. The process of cryptographically securing individual transactions forms a core service of the blockchain and enables semi-anonymous user network presence
The Horcrux Protocol: A Method for Decentralized Biometric-based Self-sovereign Identity
Most user authentication methods and identity proving systems rely on a
centralized database. Such information storage presents a single point of
compromise from a security perspective. If this system is compromised it poses
a direct threat to users' digital identities. This paper proposes a
decentralized authentication method, called the Horcrux protocol, in which
there is no such single point of compromise. The protocol relies on
decentralized identifiers (DIDs) under development by the W3C Verifiable Claims
Community Group and the concept of self-sovereign identity. To accomplish this,
we propose specification and implementation of a decentralized biometric
credential storage option via blockchains using DIDs and DID documents within
the IEEE 2410-2017 Biometric Open Protocol Standard (BOPS)
The security of NTP's datagram protocol
For decades, the Network Time Protocol (NTP) has been
used to synchronize computer clocks over untrusted network paths. This
work takes a new look at the security of NTP’s datagram protocol. We
argue that NTP’s datagram protocol in RFC5905 is both underspecified
and flawed. The NTP specifications do not sufficiently respect (1) the
conflicting security requirements of different NTP modes, and (2) the
mechanism NTP uses to prevent off-path attacks. A further problem
is that (3) NTP’s control-query interface reveals sensitive information
that can be exploited in off-path attacks. We exploit these problems
in several attacks that remote attackers can use to maliciously alter a
target’s time. We use network scans to find millions of IPs that are
vulnerable to our attacks. Finally, we move beyond identifying attacks
by developing a cryptographic model and using it to prove the security
of a new backwards-compatible client/server protocol for NTP.https://eprint.iacr.org/2016/1006.pdfhttps://eprint.iacr.org/2016/1006.pdfPublished versio
Self-sovereign identity decentralized identifiers, claims and credentials using non decentralized ledger technology
Dissertação de mestrado integrado em Engenharia InformáticaCurrent identity management systems rely on centralized databases to store user’s personal data, which poses
a great risks for data security, as these infrastructure create a critical point of failure for the whole system. Beside
that service providers have to bear huge maintenance costs and comply with strict data protection regulations.
Self-sovereign identity (SSI) is a new identity management paradigm that tries to answer some of these
problems by providing a decentralized user-centric identity management system that gives users full control of
their personal data. Some of its underlying concepts include Decentralized Identifiers (DIDs), Verifiable Claims
and Credentials. This approach does not rely on any central authority to enforce trust as it often uses Blockchain
or other Decentralized Ledger Technologies (DLT) as the trust anchor of the system, although other decentralized
network or databases could also be used for the same purpose.
This thesis focuses on finding alternative solutions to DLT, in the context of SSI. Despite being the most used
solution some DLTs are known to lack scalability and performance, and since a global identity management
system heavily relies on these two requirements it might not be the best solution to the problem.
This document provides an overview of the state of the art and main standards of SSI, and then focuses on
a non-DLT approach to SSI, referencing non-DLT implementations and alternative decentralized infrastructures
that can be used to replace DLTs in SSI. It highlights some of the limitations associated with using DLTs for
identity management and presents a SSI framework based on decentralized names systems and networks. This
framework couples all the main functionalities needed to create different SSI agents, which were showcased in
a proof of concept application.Actualmente os sistemas de gestão de identidade digital estão dependentes de bases de dados centralizadas
para o armazenamento de dados pessoais dos seus utilizadores. Isto representa um elevado risco de segurança,
uma vez que estas infra-estruturas representam um ponto crítico de falha para todo o sistema. Para além disso
os service providers têm que suportam elevados custos de manutenção para armazenar toda esta informaçao
e ainda são obrigados a cumprir as normas de protecção de dados existentes.
Self-sovereign identity (SSI) é um novo paradigma de identidade digital que tenta dar resposta a alguns destes
problemas, criando um sistema focado no utilizador e totalmente descentralizado que oferece aos utilizadores
total controlo sobre os seus dados pessoais. Alguns dos conceitos subjacentes incluem Decentalized Identifiers
(DIDs), Verifiable Credentials e Presentations. Esta abordagem não depende de qualquer autoridade central
para estabelecer confiança, dado que utiliza Blockchains ou outras Decentralized Ledger Technilogies (DLT)
como âncora de confiança do sistema. No entanto outras redes ou bases de dados descentralizadas podem
também ser utilizadas para alcançar o mesmo objectivo.
Esta tese concentra-se em encontrar soluções alternativas para a DLT no âmbito da SSI. Apesar de esta ser
a solução mais utilizada, sabe-se que algumas DLTs carecem de escalabilidade e desempenho. Sendo que um
sistema de identidade digital com abrangência global dependerá bastante destes dois requisitos, esta pode não
ser a melhor solução.
Este documento fornece uma visão geral do estado da arte e principais standards da SSI, focando-se de
seguida numa abordagem não DLT, que inclui uma breve referência a implementações não-DLT e tecnologias
alternativas que poderão ser utilizadas para substituir as DLTs na SSI. Alem disso aborda algumas das principais
limitações associadas ao uso de DLTs na gestão de identidades digitais e apresenta uma framework baseada
em name systems e redes descentralizadas. Esta framework inclui as principais funcionalidades necessárias
para implementar os diferentes agentes SSI, que foram demonstradas através de algumas aplicações proof of
concept
Blockchain-based Provenance Solution for Handcrafted Jewellery
Käsitsi tehtud ehete valmistamiseks kasutatakse tootmismasinate asemel inimeste kätetööd. Kui masinate poolt tehtud ehted on samasugused, odavad ja kergesti kättesaadavad, siis käsitsi valmistatud ehted on ainulaadsed ja küllaltki kallid. Seda eriti siis, kui tegemist on tuntud käsitöölise või disaineriga. Käesolev tehnoloogiaajastu on tõstnud tarbijate teadlikkust ning inimesed on valmis rohkem maksma tõestatud päritoluga toodete eest. Samuti soovivad tootjad oma töö eest saada tunnustatud ja omada selle õigusi. Praegused lahendused on pärituolu osas poolikud ning see võimaldab tarneahelal olla läbipaistmatu ning seetõttu kõrvale hiilida läbipaistvusest ning jälgitavusest. Seetõttu on hüppeliselt kasvanud võltstoodangu arv, mis toob kaasa majandusliku ja keskkondliku kahju, terviseriskid, valdkonna halva maine ning rikutud usalduse. Käesolev dissertatsioon vaatleb ja selgitab plokiahela tehnoloogial põhinevaid lahendusi ja võimalusi taustakontrolli tegemiseks ning teostab Ethereumi plokiahelal põhineva lahenduse käsitööehete päritolu kontrolliks. Uurimuse tulemus aitab kaasa taustakontrollimehhanismide arengule ning aitab seda rakendada ülemaailmse tarneahela läbispaistvamaks muutmisel.Handcrafted jewellery involves use of hand labour rather than manufacturing machinery. Unlike manufactured jewellery which is similarly crafted, cheap and easy to find, handcrafted jewellery tend to be uniquely crafted and fairly expensive, especially when it is attributed to a well known artisan or designer. The current information age has birthed a new era of conscious consumers who are willing to pay more for products with proven origins. Likewise, creators desire to be rightfully attributed and acknowledged for their work. However, the partial implementation of provenance by current solutions has encouraged opaque supply chains that hinder transparency and traceability. For this reason, there has been a rapid increase in counterfeit products, unprecedented economic loss, environmental degradation, health risks, increase in defamation cases, and broken trust. In this thesis, we review related provenance solutions using blockchain technology, identify key provenance features and implement a provenance solution for handcrafted jewellery on Ethereum blockchain. The output of this research can be used towards the development of provenance as a subject and its implementation in global supply chains
SoK: Cryptographically Protected Database Search
Protected database search systems cryptographically isolate the roles of
reading from, writing to, and administering the database. This separation
limits unnecessary administrator access and protects data in the case of system
breaches. Since protected search was introduced in 2000, the area has grown
rapidly; systems are offered by academia, start-ups, and established companies.
However, there is no best protected search system or set of techniques.
Design of such systems is a balancing act between security, functionality,
performance, and usability. This challenge is made more difficult by ongoing
database specialization, as some users will want the functionality of SQL,
NoSQL, or NewSQL databases. This database evolution will continue, and the
protected search community should be able to quickly provide functionality
consistent with newly invented databases.
At the same time, the community must accurately and clearly characterize the
tradeoffs between different approaches. To address these challenges, we provide
the following contributions:
1) An identification of the important primitive operations across database
paradigms. We find there are a small number of base operations that can be used
and combined to support a large number of database paradigms.
2) An evaluation of the current state of protected search systems in
implementing these base operations. This evaluation describes the main
approaches and tradeoffs for each base operation. Furthermore, it puts
protected search in the context of unprotected search, identifying key gaps in
functionality.
3) An analysis of attacks against protected search for different base
queries.
4) A roadmap and tools for transforming a protected search system into a
protected database, including an open-source performance evaluation platform
and initial user opinions of protected search.Comment: 20 pages, to appear to IEEE Security and Privac
Teaching self-sovereign identity
For service providers, secure and reliable identification of users is essential to provide its services. From a user perspective, traditional identifiers are currently solved by centralized entities who have the capacity to control not only the creation of the identifier, but also the withdrawal. Moreover, in most cases more personal information is being provided than needs to be demonstrated. A blockchain-based Self-Sovereign Identity (SSI) provides a secure and reliable identification method for service providers, gives the user self-control of the identifier, and enables a way to provide just the essential information that is needed to get the service. This paper aims to make two practical documents; the first one being an introductory practice to get started with this topic and the second one that consists of developing a simple SSI login system for web services offered to university students.Para los proveedores de servicios, la identificación segura y confiable de los usuarios es fundamental para prestar sus servicios. Desde la perspectiva del usuario, los identificadores tradicionales actualmente son proporcionados por entidades centralizadas que tienen la capacidad de controlar, no solo la creación del identificador, sino también la retirada. Además, en la mayoría de los casos se proporciona más información personal de la que se necesita demostrar. Una Auto-Identidad Soberana basada en blockchain proporciona un método de identificación seguro y fiable para los proveedores de servicios, le da al usuario el autocontrol del identificador y permite una forma de proporcionar sólo la información esencial que se necesita para obtener el servicio. Este trabajo tiene como objetivo realizar dos documentos prácticos, siendo el primero una práctica introductoria para iniciarse en este tema y el segundo que consiste en desarrollar un sistema de inicio de sesión de Auto-Identidad Soberana simple para servicios web ofrecidos a estudiantes universitarios.Per als proveïdors de serveis, la identificació segura i fiable dels usuaris és fonamental per prestar els seus serveis. Des de la perspectiva de l'usuari, els identificadors tradicionals són proporcionats actualment per entitats centralitzades que tenen la capacitat de controlar, no només la creació de l'identificador, sinó també la retirada. A més, en la majoria dels casos es proporciona més informació personal de la que cal demostrar. Una identitat autosobirana basada en blockchain proporciona un mètode d'identificació segur i fiable per als proveïdors de serveis, dóna a l'usuari l'autocontrol de l'identificador i permet una manera de proporcionar només la informació essencial que es necessita per obtenir el servei. Aquest treball té com a objectiu fer dos documents pràctics, sent el primer una pràctica introductòria per iniciar-se en aquest tema i el segon que consisteix a desenvolupar un sistema d'inici de sessió d'identitat autosobirana simple per a serveis web oferts a estudiants universitaris
- …