562 research outputs found
REISCH: incorporating lightweight and reliable algorithms into healthcare applications of WSNs
Healthcare institutions require advanced technology to collect patients' data accurately and continuously. The tradition technologies still suffer from two problems: performance and security efficiency. The existing research has serious drawbacks when using public-key mechanisms such as digital signature algorithms. In this paper, we propose Reliable and Efficient Integrity Scheme for Data Collection in HWSN (REISCH) to alleviate these problems by using secure and lightweight signature algorithms. The results of the performance analysis indicate that our scheme provides high efficiency in data integration between sensors and server (saves more than 24% of alive sensors compared to traditional algorithms). Additionally, we use Automated Validation of Internet Security Protocols and Applications (AVISPA) to validate the security procedures in our scheme. Security analysis results confirm that REISCH is safe against some well-known attacks
SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular Communication Systems
Several years of academic and industrial research efforts have converged to a
common understanding on fundamental security building blocks for the upcoming
Vehicular Communication (VC) systems. There is a growing consensus towards
deploying a special-purpose identity and credential management infrastructure,
i.e., a Vehicular Public-Key Infrastructure (VPKI), enabling pseudonymous
authentication, with standardization efforts towards that direction. In spite
of the progress made by standardization bodies (IEEE 1609.2 and ETSI) and
harmonization efforts (Car2Car Communication Consortium (C2C-CC)), significant
questions remain unanswered towards deploying a VPKI. Deep understanding of the
VPKI, a central building block of secure and privacy-preserving VC systems, is
still lacking. This paper contributes to the closing of this gap. We present
SECMACE, a VPKI system, which is compatible with the IEEE 1609.2 and ETSI
standards specifications. We provide a detailed description of our
state-of-the-art VPKI that improves upon existing proposals in terms of
security and privacy protection, and efficiency. SECMACE facilitates
multi-domain operations in the VC systems and enhances user privacy, notably
preventing linking pseudonyms based on timing information and offering
increased protection even against honest-but-curious VPKI entities. We propose
multiple policies for the vehicle-VPKI interactions, based on which and two
large-scale mobility trace datasets, we evaluate the full-blown implementation
of SECMACE. With very little attention on the VPKI performance thus far, our
results reveal that modest computing resources can support a large area of
vehicles with very low delays and the most promising policy in terms of privacy
protection can be supported with moderate overhead.Comment: 14 pages, 9 figures, 10 tables, IEEE Transactions on Intelligent
Transportation System
A Byzantine Fault-Tolerant Ordering Service for the Hyperledger Fabric Blockchain Platform
Hyperledger Fabric (HLF) is a flexible permissioned blockchain platform
designed for business applications beyond the basic digital coin addressed by
Bitcoin and other existing networks. A key property of HLF is its
extensibility, and in particular the support for multiple ordering services for
building the blockchain. Nonetheless, the version 1.0 was launched in early
2017 without an implementation of a Byzantine fault-tolerant (BFT) ordering
service. To overcome this limitation, we designed, implemented, and evaluated a
BFT ordering service for HLF on top of the BFT-SMaRt state machine
replication/consensus library, implementing also optimizations for wide-area
deployment. Our results show that HLF with our ordering service can achieve up
to ten thousand transactions per second and write a transaction irrevocably in
the blockchain in half a second, even with peers spread in different
continents
A Mobile Secure Bluetooth-Enabled Cryptographic Provider
The use of digital X509v3 public key certificates, together with different standards
for secure digital signatures are commonly adopted to establish authentication proofs
between principals, applications and services. One of the robustness characteristics commonly
associated with such mechanisms is the need of hardware-sealed cryptographic
devices, such as Hardware-Security Modules (or HSMs), smart cards or hardware-enabled
tokens or dongles. These devices support internal functions for management and storage
of cryptographic keys, allowing the isolated execution of cryptographic operations, with
the keys or related sensitive parameters never exposed.
The portable devices most widely used are USB-tokens (or security dongles) and internal
ships of smart cards (as it is also the case of citizen cards, banking cards or ticketing
cards). More recently, a new generation of Bluetooth-enabled smart USB dongles appeared,
also suitable to protect cryptographic operations and digital signatures for secure
identity and payment applications. The common characteristic of such devices is to offer
the required support to be used as secure cryptographic providers. Among the advantages
of those portable cryptographic devices is also their portability and ubiquitous use, but,
in consequence, they are also frequently forgotten or even lost. USB-enabled devices imply
the need of readers, not always and not commonly available for generic smartphones
or users working with computing devices. Also, wireless-devices can be specialized or
require a development effort to be used as standard cryptographic providers.
An alternative to mitigate such problems is the possible adoption of conventional
Bluetooth-enabled smartphones, as ubiquitous cryptographic providers to be used, remotely,
by client-side applications running in users’ devices, such as desktop or laptop
computers. However, the use of smartphones for safe storage and management of private
keys and sensitive parameters requires a careful analysis on the adversary model assumptions.
The design options to implement a practical and secure smartphone-enabled
cryptographic solution as a product, also requires the approach and the better use of
the more interesting facilities provided by frameworks, programming environments and
mobile operating systems services.
In this dissertation we addressed the design, development and experimental evaluation
of a secure mobile cryptographic provider, designed as a mobile service provided in a smartphone. The proposed solution is designed for Android-Based smartphones and
supports on-demand Bluetooth-enabled cryptographic operations, including standard
digital signatures. The addressed mobile cryptographic provider can be used by applications
running on Windows-enabled computing devices, requesting digital signatures.
The solution relies on the secure storage of private keys related to X509v3 public certificates
and Android-based secure elements (SEs). With the materialized solution, an
application running in a Windows computing device can request standard digital signatures
of documents, transparently executed remotely by the smartphone regarded as a
standard cryptographic provider
Sea of Lights: Practical Device-to-Device Security Bootstrapping in the Dark
Practical solutions to bootstrap security in today's information and
communication systems critically depend on centralized services for
authentication as well as key and trust management. This is particularly true
for mobile users. Identity providers such as Google or Facebook have active
user bases of two billion each, and the subscriber number of mobile operators
exceeds five billion unique users as of early 2018. If these centralized
services go completely `dark' due to natural or man made disasters, large scale
blackouts, or country-wide censorship, the users are left without practical
solutions to bootstrap security on their mobile devices. Existing distributed
solutions, for instance, the so-called web-of-trust are not sufficiently
lightweight. Furthermore, they support neither cross-application on mobile
devices nor strong protection of key material using hardware security modules.
We propose Sea of Lights(SoL), a practical lightweight scheme for bootstrapping
device-to-device security wirelessly, thus, enabling secure distributed
self-organized networks. It is tailored to operate `in the dark' and provides
strong protection of key material as well as an intuitive means to build a
lightweight web-of-trust. SoL is particularly well suited for local or urban
operation in scenarios such as the coordination of emergency response, where it
helps containing/limiting the spreading of misinformation. As a proof of
concept, we implement SoL in the Android platform and hence test its
feasibility on real mobile devices. We further evaluate its key performance
aspects using simulation
- …