17,084 research outputs found
Data Confidentiality in Mobile Ad hoc Networks
Mobile ad hoc networks (MANETs) are self-configuring infrastructure-less
networks comprised of mobile nodes that communicate over wireless links without
any central control on a peer-to-peer basis. These individual nodes act as
routers to forward both their own data and also their neighbours' data by
sending and receiving packets to and from other nodes in the network. The
relatively easy configuration and the quick deployment make ad hoc networks
suitable for emergency situations (such as human or natural disasters) and for
military units in enemy territory. Securing data dissemination between these
nodes in such networks, however, is a very challenging task. Exposing such
information to anyone else other than the intended nodes could cause a privacy
and confidentiality breach, particularly in military scenarios. In this paper
we present a novel framework to enhance the privacy and data confidentiality in
mobile ad hoc networks by attaching the originator policies to the messages as
they are sent between nodes. We evaluate our framework using the Network
Simulator (NS-2) to check whether the privacy and confidentiality of the
originator are met. For this we implemented the Policy Enforcement Points
(PEPs), as NS-2 agents that manage and enforce the policies attached to packets
at every node in the MANET.
Comment: 12 page
CONFLLVM: A Compiler for Enforcing Data Confidentiality in Low-Level Code
We present an instrumenting compiler for enforcing data confidentiality in
low-level applications (e.g. those written in C) in the presence of an active
adversary. In our approach, the programmer marks secret data by writing
lightweight annotations on top-level definitions in the source code. The
compiler then uses a static flow analysis coupled with efficient runtime
instrumentation, a custom memory layout, and custom control-flow integrity
checks to prevent data leaks even in the presence of low-level attacks. We have
implemented our scheme as part of the LLVM compiler. We evaluate it on the SPEC
micro-benchmarks for performance, and on larger, real-world applications
(including OpenLDAP, which is around 300KLoC) for programmer overhead required
to restructure the application when protecting the sensitive data such as
passwords. We find that performance overheads introduced by our instrumentation
are moderate (average 12% on SPEC), and the programmer effort to port OpenLDAP
is only about 160 LoC.
Comment: Technical report for CONFLLVM: A Compiler for Enforcing Data
Confidentiality in Low-Level Code, appearing at EuroSys 201
Enabling Data Confidentiality with Public Blockchains
Blockchain technology is apt to facilitate the automation of multi-party
cooperations among various players in a decentralized setting, especially in
cases where trust among participants is limited. Transactions are stored in a
ledger, a replica of which is retained by every node of the blockchain network.
The operations saved thereby are thus publicly accessible. While this aspect
enhances transparency, reliability, and persistence, it hinders the utilization
of public blockchains for process automation as it violates typical
confidentiality requirements in corporate settings. To overcome this issue, we
propose our approach named Multi-Authority Approach to Transaction Systems for
Interoperating Applications (MARTSIA). Based on Multi-Authority Attribute-Based
Encryption (MA-ABE), MARTSIA enables read-access control over shared data at
the level of message parts. User-defined policies determine whether an actor
can interpret the publicly stored information or not, depending on the actor's
attributes declared by a consortium of certifiers. Still, all nodes in the
blockchain network can attest to the publication of the (encrypted) data. We
provide a formal analysis of the security guarantees of MARTSIA, and illustrate
the proof-of-concept implementation over multiple blockchain platforms. To
demonstrate its interoperability, we showcase its usage in ensemble with a
state-of-the-art blockchain-based engine for multi-party process execution, and
three real-world decentralized applications in the context of NFT markets,
supply chain, and retail.
Comment: arXiv admin note: substantial text overlap with arXiv:2303.1797
A secure data outsourcing scheme based on Asmuth–Bloom secret sharing
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.
Data outsourcing is an emerging paradigm for data management in which a database is provided as a service by third-party service providers. One of the major benefits of offering database as a service is to provide organisations, which are unable to purchase expensive hardware and software to host their databases, with efficient data storage accessible online at a cheap rate. Despite that, several issues of data confidentiality, integrity, availability and efficient indexing of users' queries at the server side have to be addressed in the data outsourcing paradigm. Service providers have to guarantee that their clients' data are secured against internal (insider) and external attacks. This paper briefly analyses the existing indexing schemes in data outsourcing and highlights their advantages and disadvantages. Then, this paper proposes a secure data outsourcing scheme based on Asmuth–Bloom secret sharing which tries to address the issues in data outsourcing such as data confidentiality, availability and order preservation for efficient indexing
fQuery: SPARQL Query Rewriting to Enforce Data Confidentiality
RDF is an increasingly used framework for describing Web resources, including sensitive and confidential resources. In this context, we need an expressive language to query RDF databases. SPARQL has been defined to easily localize and extract data in an RDF graph. Since confidential data are accessed, SPARQL queries must be filtered so that only authorized data are returned with respect to some confidentiality policy. In this paper, we model a confidentiality policy as a set of positive and negative filters (corresponding respectively to permissions and prohibitions) that apply to SPARQL queries. We then define rewriting algorithms that transform the queries so that the results returned by transformed queries are compliant with the confidentiality policy
MARTSIA: Enabling Data Confidentiality for Blockchain-based Process Execution
Multi-party business processes rely on the collaboration of various players
in a decentralized setting. Blockchain technology can facilitate the automation
of these processes, even in cases where trust among participants is limited.
Transactions are stored in a ledger, a replica of which is retained by every
node of the blockchain network. The operations saved thereby are thus publicly
accessible. While this enhances transparency, reliability, and persistence, it
hinders the utilization of public blockchains for process automation as it
violates typical confidentiality requirements in corporate settings. In this
paper, we propose MARTSIA: A Multi-Authority Approach to Transaction Systems
for Interoperating Applications. MARTSIA enables precise control over process
data at the level of message parts. Based on Multi-Authority Attribute-Based
Encryption (MA-ABE), MARTSIA realizes a number of desirable properties,
including confidentiality, transparency, and auditability. We implemented our
approach in proof-of-concept prototypes, with which we conduct a case study in
the area of supply chain management. Also, we show the integration of MARTSIA
with a state-of-the-art blockchain-based process execution engine to secure the
data flow
LEE: Light-Weight Energy-Efficient encryption algorithm for sensor networks
Data confidentiality in wireless sensor networks is mainly achieved by RC5 and Skipjack encryption algorithms. However, both algorithms have their weaknesses, for example RC5 supports variable-bit rotations, which are computationally expensive operations and Skipjack uses a key length of 80-bits, which is subject to brute force attack. In this paper we introduce a light-weight energy-efficient encryption-algorithm (LEE) for tiny embedded devices, such as sensor network nodes. We present experimental results of LEE under real sensor nodes operating in TinyOS. We also discuss the secrecy of our algorithm by presenting a security analysis of various tests and cryptanalytic attacks
GossiCrypt: Wireless Sensor Network Data Confidentiality Against Parasitic Adversaries
Resource and cost constraints remain a challenge for wireless sensor network
security. In this paper, we propose a new approach to protect confidentiality
against a parasitic adversary, which seeks to exploit sensor networks by
obtaining measurements in an unauthorized way. Our low-complexity solution,
GossiCrypt, leverages on the large scale of sensor networks to protect
confidentiality efficiently and effectively. GossiCrypt protects data by
symmetric key encryption at their source nodes and re-encryption at a randomly
chosen subset of nodes en route to the sink. Furthermore, it employs key
refreshing to mitigate the physical compromise of cryptographic keys. We
validate GossiCrypt analytically and with simulations, showing it protects data
confidentiality with probability almost one. Moreover, compared with a system
that uses public-key data encryption, the energy consumption of GossiCrypt is
one to three orders of magnitude lower