Perfectly Secure Communication, based on Graph-Topological Addressing in Unique-Neighborhood Networks
We consider network graphs in which adjacent nodes share common
secrets. In this setting, certain techniques for perfect end-to-end security
(in the sense of confidentiality, authenticity (implying integrity) and
availability, i.e., CIA+) can be made applicable without end-to-end shared
secrets and without computational intractability assumptions. To this end, we
introduce and study the concept of a unique-neighborhood network, in which
nodes are uniquely identifiable upon their graph-topological neighborhood.
While the concept is motivated by authentication, it may enjoy wider
applicability as being a technology-agnostic (yet topology aware) form of
addressing nodes in a network.
Lazy updates in key assignment schemes for hierarchical access control
Hierarchical access control policies are used to restrict access to
objects by users based on their respective security labels. There are
many key assignment schemes in the literature for implementing
such policies using cryptographic mechanisms. Updating keys in such
schemes has always been problematic, not least because many objects
may be encrypted with the same key. We propose a number of techniques
by which this process can be improved, making use of the idea of
lazy key updates, which have been studied in the context of
cryptographic file systems. We demonstrate in passing that schemes
for lazy key updates can be regarded as simple instances of key
assignment schemes. Finally, we illustrate the utility of our
techniques by applying them to hierarchical file systems and to
temporal access control policies.
User-differentiated hierarchical key management for the bring-your-own-device environments
To ensure confidentiality, the sensitive electronic data held within a corporation is always carefully encrypted and stored in a manner so that it is inaccessible to those parties who are not involved. During this process, the specific manners of how to keep, distribute, use, and update keys which are used to encrypt the sensitive data become an important thing to be considered. Through the use of hierarchical key management, a technique that provides access controls in multi-user systems where a portion of sensitive resources shall only be made available to authorized users or security ordinances, required information is distributed on a need-to-know basis. As a result of this hierarchical key management, time-bound hierarchical key management further adds time controls to the information access process. There is no existing hierarchical key management scheme or time-bound hierarchical key management scheme which is able to differentiate users with the same authority. When changes are required for any user, all other users who have the same access authorities will be similarly affected, and this deficiency then further deteriorates due to a recent trend which has been called Bring-Your-Own-Device. This thesis proposes the construction of a new time-bound hierarchical key management scheme called the User-Differentiated Two-Layer Encryption-Based Scheme (UDTLEBC), one which is designed to differentiate between users. With this differentiation, whenever any changes are required for one user during the processes of key management, no additional users will be affected during these changes and these changes can be done without interactions with the users. This new scheme is both proven to be secure as a time-bound hierarchical key management scheme and efficient for use in a BYOD environment.
KALwEN: a new practical and interoperable key management scheme for body sensor networks
Key management is the pillar of a security architecture. Body sensor networks (BSNs) pose several challenges (some inherited from wireless sensor networks (WSNs), some unique to themselves) that require a new key management scheme to be tailor-made. The challenge is taken on, and the result is KALwEN, a new parameterized key management scheme that combines the best-suited cryptographic techniques in a seamless framework. KALwEN is user-friendly in the sense that it requires no expert knowledge of a user, and instead only requires a user to follow a simple set of instructions when bootstrapping or extending a network. One of KALwEN's key features is that it allows sensor devices from different manufacturers, which expectedly do not have any pre-shared secret, to establish secure communications with each other. KALwEN is decentralized, such that it does not rely on the availability of a local processing unit (LPU). KALwEN supports secure global broadcast, local broadcast, and local (neighbor-to-neighbor) unicast, while preserving past key secrecy and future key secrecy (FKS). The fact that the cryptographic protocols of KALwEN have been formally verified also makes a convincing case. With both formal verification and experimental evaluation, our results should appeal to theorists and practitioners alike.
State of The Art and Hot Aspects in Cloud Data Storage Security
Along with the evolution of cloud computing and cloud storage towards maturity,
researchers have analyzed an increasing range of cloud computing security
aspects, data security being an important topic in this area. In this paper, we
examine the state of the art in cloud storage security through an overview of
selected peer reviewed publications. We address the question of defining cloud
storage security and its different aspects, as well as enumerate the main
vectors of attack on cloud storage. The reviewed papers present techniques for key
management and controlled disclosure of encrypted data in cloud storage, while
novel ideas regarding secure operations on encrypted data and methods for
protection of data in fully virtualized environments provide a glimpse of the toolbox
available for securing cloud storage. Finally, new challenges such as emergent
government regulation call for solutions to problems that did not receive enough
attention in earlier stages of cloud computing, such as for example geographical
location of data. The methods presented in the papers selected for this review
represent only a small fraction of the wide research effort within cloud storage
security. Nevertheless, they serve as an indication of the diversity of problems
that are being addressed.
Arcula: A Secure Hierarchical Deterministic Wallet for Multi-asset Blockchains
This work presents Arcula, a new design for hierarchical deterministic
wallets that brings identity-based addresses to the blockchain. Arcula is built
on top of provably secure cryptographic primitives. It generates all its
cryptographic secrets from a user-provided seed and enables the derivation of
new public keys based on the identities of users, without requiring any secret
information. Unlike other wallets, it achieves all these properties while being
secure against privilege escalation. We formalize the security model of
hierarchical deterministic wallets and prove that an attacker compromising an
arbitrary number of users within an Arcula wallet cannot escalate his
privileges and compromise users higher in the access hierarchy. Our design
works out-of-the-box with any blockchain that enables the verification of
signatures on arbitrary messages. We evaluate its usage in a real-world
scenario on the Bitcoin Cash network.