Citizen Electronic Identities using TPM 2.0
Electronic Identification (eID) is becoming commonplace in several European
countries. eID is typically used to authenticate to government e-services, but
is also used for other services, such as public transit, e-banking, and
physical security access control. Typical eID tokens take the form of physical
smart cards, but successes in merging eID into phone operator SIM cards show
that eID tokens integrated into a personal device can offer better usability
compared to standalone tokens. At the same time, trusted hardware that enables
secure storage and isolated processing of sensitive data has become
commonplace both on PC platforms as well as mobile devices.
Some time ago, the Trusted Computing Group (TCG) released the version 2.0 of
the Trusted Platform Module (TPM) specification. We propose an eID architecture
based on the new, rich authorization model introduced in the TCG's TPM 2.0. The
goal of the design is to improve the overall security and usability compared to
traditional smart card-based solutions. We also provide, to the best of our
knowledge, the first accessible description of the TPM 2.0 authorization model.
Comment: This work is based on an earlier work: Citizen Electronic Identities
using TPM 2.0, to appear in the Proceedings of the 4th international workshop
on Trustworthy embedded devices, TrustED'14, November 3, 2014, Scottsdale,
Arizona, USA, http://dx.doi.org/10.1145/2666141.266614
ViotSOC: Controlling Access to Dynamically Virtualized IoT Services using Service Object Capability
Virtualization of the Internet of Things (IoT) is a concept of dynamically
building customized high-level IoT services which
rely on the real-time data streams from low-level physical
IoT sensors. Security in IoT virtualization is challenging,
because with the growing number of available (building
block) services, the number of personalizable virtual
services grows exponentially. This paper proposes the Service
Object Capability (SOC) ticket system, a decentralized access
control mechanism between servers and clients to efficiently
authenticate and authorize each other without using
public key cryptography. SOC supports decentralized
partial delegation of capabilities specified in each server/client
ticket. Unlike PKI certificates, SOC's authentication
time and handshake packet overhead stay constant regardless
of each capability's delegation hop distance from the
root delegator. The paper compares SOC's security benefits
with Kerberos, and the experimental results show SOC's
authentication incurs significantly less time and packet overhead
compared against those from other mechanisms based on
RSA-PKI and ECC-PKI algorithms. SOC is as secure as,
and more efficient and suitable for IoT environments than,
existing PKIs and Kerberos.
BlockPKI: An Automated, Resilient, and Transparent Public-Key Infrastructure
This paper describes BlockPKI, a blockchain-based public-key infrastructure
that enables an automated, resilient, and transparent issuance of digital
certificates. Our goal is to address several shortcomings of the current TLS
infrastructure and its proposed extensions. In particular, we aim at reducing
the power of individual certification authorities and making their actions
publicly visible and accountable, without introducing yet another trusted third
party. To demonstrate the benefits and practicality of our system, we present
evaluation results and describe our prototype implementation.
Comment: Workshop on Blockchain and Sharing Economy Application
A robust self-organized public key management for mobile ad hoc networks
A mobile ad hoc network (MANET) is a self-organized wireless network where mobile nodes can communicate with each other without the use of any existing network infrastructure or centralized administration. Trust establishment and management are essential for any security framework of MANETs. However, traditional solutions to key management through accessing trusted authorities or centralized servers are infeasible for MANETs due to the absence of infrastructure, frequent mobility, and wireless link instability. In this paper, we propose a robust, self-organized public key management for MANETs. The proposed scheme relies on establishing a small number of trust relations between neighboring nodes during the network initialization phase. Experiences gained as a result of successful communications and node mobility through the network enhance the formation of a web of trust between mobile nodes. The proposed scheme allows each user to create its public key and the corresponding private key, to issue certificates to neighboring nodes, and to perform public key authentication through at least two independent certificate chains without relying on any centralized authority. A measure of the communications cost of the key distribution process has been proposed. Simulation results show that the proposed scheme is robust and efficient in the mobility environment of MANET and against malicious node attacks.
A Practical Set-Membership Proof for Privacy-Preserving NFC Mobile Ticketing
To ensure the privacy of users in transport systems, researchers are working
on new protocols providing the best security guarantees while respecting
functional requirements of transport operators. In this paper, we design a
secure NFC m-ticketing protocol for public transport that preserves users'
anonymity and prevents transport operators from tracing their customers' trips.
To this end, we introduce a new practical set-membership proof that does not
require provers nor verifiers (but in a specific scenario for verifiers) to
perform pairing computations. It is therefore particularly suitable for our
(ticketing) setting where provers hold SIM/UICC cards that do not support such
costly computations. We also propose several optimizations of Boneh-Boyen type
signature schemes, which are of independent interest, increasing their
performance and efficiency during NFC transactions. Our m-ticketing protocol
offers greater flexibility compared to previous solutions as it enables the
post-payment and the off-line validation of m-tickets. By implementing a
prototype using a standard NFC SIM card, we show that it fulfils the stringent
functional requirement imposed by transport operators whilst using strong
security parameters. In particular, a validation can be completed in 184.25 ms
when the mobile is switched on, and in 266.52 ms when the mobile is switched
off or its battery is flat.