3 research outputs found

    Abordando fatores humanos no projeto de soluções criptográficas : dois estudos de caso em validação de itens e autenticação

    Advisor: Ricardo Dahab. Thesis (doctorate) - Universidade Estadual de Campinas, Instituto de Computação.
Abstract: Designing secure cryptographic solutions from a purely theoretical perspective is not enough to guarantee their success in a realistic scenario. Many times, the assumptions under which these solutions are designed could not be further from real-world necessities. One particular, often-overlooked aspect that may impact how the solution performs after deployment is how the final user interacts with it (i.e., human factors). In this work, we take a deeper look into this issue by analyzing two well-known application scenarios from Information Security research: the electronic commerce of digital items and Internet banking. Fair exchange protocols have been widely studied, but are still not implemented in most e-commerce transactions available. For several types of digital items (e-goods), the current e-commerce business model fails to provide fairness to customers. A critical step in fair exchange is item validation, which still lacks proper attention from researchers. We believe this issue should be addressed in a comprehensive and integrated fashion before fair exchange protocols can be effectively deployed in the marketplace. More generally, we also believe this to be the consequence of ongoing system-oriented security solution design paradigms that are data-centered, as opposed to user-centered, thus leading to methods and techniques that often disregard users' requirements. We contextualize how, by overlooking the subtleties of the item validation problem, the current model for buying and selling digital items fails to provide guarantees of a successful transaction outcome to customers, thus being unfair by design.
We also introduce the concept of Reversible Degradation, a method for enhancing buy-sell transactions concerning digital items that inherently includes the item validation step in the purchase protocol in order to tackle the discussed problems. As a proof-of-concept, we produce a deliverable instantiation of Reversible Degradation based on systematic error correction codes (SECCs), suitable for multimedia content. This method is also the byproduct of an attempt to include users' requirements into the cryptographic method construction process, an approach that we further develop into a so-called item-aware protocol design. From a similar perspective, we also propose a novel method for user and transaction authentication for Internet Banking scenarios. The proposed method, which uses Visual Cryptography, takes both technical and user requirements into account, and is suitable as a secure - yet intuitive - component for practical transaction authentication scenarios.
Doctorate. Computer Science. Doctor of Computer Science.

    Automating SLA enforcement in the cloud computing

    Cloud computing is playing an increasingly important role, not only by facilitating digital trading platforms but also by transforming conventional services from client-server models to cloud computing. This domain offers global economic and technological benefits to both service providers and service subscribers. Digital marketplaces are no longer limited to trading tangible commodities but also facilitate enormous service virtualization across various industries. Software as a Service (SaaS), being the largest service segment, dominates the global cloud migration. Infrastructure as a Service (IaaS) and cloud-based application development, also known as Platform as a Service (PaaS), are also next-generation computing platforms, given their anticipated future demand from both the public and private sectors. These service segments are now hosted on cloud platforms to compute, store, and network an enormous amount of service requests, processing data incredibly fast and economically. Organizations also perform data analytics and other similar computing tasks to manage their business without maintaining on-premise computing infrastructures, which are hard to maintain. This computing capability has extensively improved the popularity of, and increased the demand for, cloud services to such an extent that businesses worldwide are heavily migrating their computing resources to these platforms. Diverse cloud service providers take the responsibility of provisioning such cloud-based services for subscribers. In return, a certain subscription fee is charged to them periodically, depending upon the service package, availability and security. On the flip side, such an intensive technology shift and reliance on outsourcing have also introduced scenarios in which any failure on their part leads to serious consequences for the business community at large.
In recent years, the technology industry has observed critical and increased service outages at various cloud service providers (CSPs) such as Amazon AWS, Microsoft, and Google, which ultimately interrupt the entire supply chain and cause several well-known web services to be taken offline, either due to human error, failed change control implementation or, more recently, targeted cyber-attacks like DDoS. These web-based solutions, such as compute, storage, network or other similar services, are provisioned to cloud service subscriber (CSS) platforms. Regardless of the cloud service deployment, a legally binding contract such as a Service Level Agreement (SLA) is signed between the CSP and CSS. The SLA holds a service scope and guarantees in case of failure. There is a possibility that these SLAs may be violated, revoked, or dishonoured by either party, mostly the CSP. An SLA violation along with an unsettled dispute leads to some financial losses for the service subscribers or perhaps costs them their business reputation. Eventually, the subscriber may request some form of compensation from the provider, such as a service credit or a refund. In either case, the burden of proof lies with the subscribers, who have to capture and preserve the data or forensically sound system or service logs that support their claims. Most of the time, this is processed manually, which is both expensive and time-consuming. To address this problem, this research first analyses the gaps in existing arrangements. It then suggests automation of SLA enforcement within cloud environments and identifies the main properties of a solution to the problem, covering various other avenues associated with the other operating environments. This research then proposes architectures, based on the concept of fair exchange, and shows how intelligently the approach enforces cloud SLAs using various techniques.
Furthermore, the research scope is extended to cover two key scenarios: (a) when participants are loss averse and (b) when interacting participants can act maliciously. Our proposed architectures present robust schemes by enforcing the suggested solutions, which are effective, efficient, and most importantly resilient to modern-day security and privacy challenges. The uniqueness of our research is that it not only ensures the fairness aspect of digital trading but also extends and logically implements a dual security layer throughout the service exchange. This approach protects business participants by securely automating dispute resolution in a more resilient fashion. It also shields their data privacy and security from diverse cyber challenges and other operational failures. These architectures are capable of imposing state-of-the-art defences through integrated secure modules along with full encryption schemes, mitigating security gaps previously not dealt with, based upon fair exchange protocols. The protocol also accomplishes service exchange scenarios either with or without dispute resolution. Finally, our proposed architectures are automated and interact with hardcoded procedures and verification mechanisms using a variant of trusted third parties and trusted authorities, which makes it difficult to cause potential disagreements and misbehaviours during a cloud-based service exchange by enforcing the SLA.

    E-commerce And Fair Exchange - The Problem Of Item Validation

    No full text
    Fair exchange protocols have been widely studied since their proposal, but are still not implemented on most e-commerce transactions available. For several types of digital items (e-goods), the current e-commerce business models fail to provide fairness to customers. The item validation problem is a critical step in fair exchange, and is yet to receive the proper attention from researchers. We believe these issues should be addressed in a comprehensive and integrated fashion before fair exchange protocols can be effectively deployed in the marketplace. This is the aim of our research, and drawing attention to these problems and possible solutions is the goal of this paper.
    317-324, Inst. Syst. Technol. Inf., Control Commun. (INSTICC)