691 research outputs found
Smart Ticket Protection: An Architecture for Cyber-Protecting Physical Tickets Using Digitally Signed Random Pattern Markers
In order to counter forgeries of tickets for public transport or mass events,
a method to validate them, using printed unique random pattern markers was
developed. These markers themselves are unforgeable by their physically random
distribution. To assure their authenticity, however, they have to be
cryptographically protected and equipped with an environment for successful
validation, combining physical and cyber security protection. This paper
describes an architecture for cryptographically protecting these markers, which
are stored in Aztec codes on physical tickets, in order to assure that only an
authorized printer can generate a valid Aztec code of such a pattern, thus
providing forge protection in combination with the randomness and uniqueness of
the pattern. Nevertheless, the choice of the signature algorithm is heavily
constrained by the sizes of the pattern, ticket provider data, metadata and the
signature confronted by the data volume the code hold. Therefore, this paper
also defines an example for a signature layout for the proposed architecture.
This allows for a lightweight ticket validation system that is both physically
and cryptographically secured to form a smart solution for mass access
verification for both shorter to longer periods at relatively low cost.Comment: 4 pages, 2 figure
MoPS: A Modular Protection Scheme for Long-Term Storage
Current trends in technology, such as cloud computing, allow outsourcing the
storage, backup, and archiving of data. This provides efficiency and
flexibility, but also poses new risks for data security. It in particular
became crucial to develop protection schemes that ensure security even in the
long-term, i.e. beyond the lifetime of keys, certificates, and cryptographic
primitives. However, all current solutions fail to provide optimal performance
for different application scenarios. Thus, in this work, we present MoPS, a
modular protection scheme to ensure authenticity and integrity for data stored
over long periods of time. MoPS does not come with any requirements regarding
the storage architecture and can therefore be used together with existing
archiving or storage systems. It supports a set of techniques which can be
plugged together, combined, and migrated in order to create customized
solutions that fulfill the requirements of different application scenarios in
the best possible way. As a proof of concept we implemented MoPS and provide
performance measurements. Furthermore, our implementation provides additional
features, such as guidance for non-expert users and export functionalities for
external verifiers.Comment: Original Publication (in the same form): ASIACCS 201
Secure Identification in Social Wireless Networks
The applications based on social networking have brought revolution towards social life and are continuously gaining popularity among the Internet users. Due to the advanced computational resources offered by the innovative hardware and nominal subscriber charges of network operators, most of the online social networks are transforming into the mobile domain by offering exciting applications and games exclusively designed for users on the go. Moreover, the mobile devices are considered more personal as compared to their desktop rivals, so there is a tendency among the mobile users to store sensitive data like contacts, passwords, bank account details, updated calendar entries with key dates and personal notes on their devices.
The Project Social Wireless Network Secure Identification (SWIN) is carried out at Swedish Institute of Computer Science (SICS) to explore the practicality of providing the secure mobile social networking portal with advanced security features to tackle potential security threats by extending the existing methods with more innovative security technologies. In addition to the extensive background study and the determination of marketable use-cases with their corresponding security requirements, this thesis proposes a secure identification design to satisfy the security dimensions for both online and offline peers. We have implemented an initial prototype using PHP Socket and OpenSSL library to simulate the secure identification procedure based on the proposed design. The design is in compliance with 3GPPâs Generic Authentication Architecture (GAA) and our implementation has demonstrated the flexibility of the solution to be applied independently for the applications requiring secure identification. Finally, the thesis provides strong foundation for the advanced implementation on mobile platform in future
PDFS: Practical Data Feed Service for Smart Contracts
Smart contracts are a new paradigm that emerged with the rise of the
blockchain technology. They allow untrusting parties to arrange agreements.
These agreements are encoded as a programming language code and deployed on a
blockchain platform, where all participants execute them and maintain their
state. Smart contracts are promising since they are automated and
decentralized, thus limiting the involvement of third trusted parties, and can
contain monetary transfers. Due to these features, many people believe that
smart contracts will revolutionize the way we think of distributed
applications, information sharing, financial services, and infrastructures.
To release the potential of smart contracts, it is necessary to connect the
contracts with the outside world, such that they can understand and use
information from other infrastructures. For instance, smart contracts would
greatly benefit when they have access to web content. However, there are many
challenges associated with realizing such a system, and despite the existence
of many proposals, no solution is secure, provides easily-parsable data,
introduces small overheads, and is easy to deploy.
In this paper we propose PDFS, a practical system for data feeds that
combines the advantages of the previous schemes and introduces new
functionalities. PDFS extends content providers by including new features for
data transparency and consistency validations. This combination provides
multiple benefits like content which is easy to parse and efficient
authenticity verification without breaking natural trust chains. PDFS keeps
content providers auditable, mitigates their malicious activities (like data
modification or censorship), and allows them to create a new business model. We
show how PDFS is integrated with existing web services, report on a PDFS
implementation and present results from conducted case studies and experiments.Comment: Blockchain; Smart Contracts; Data Authentication; Ethereu
Personal Authentication System Based Iris Recognition with Digital Signature Technology
Authentication based on biometrics is being used to prevent physical access to high-security institutions. Recently, due to the rapid rise of information system technologies, Biometrics are now being used in applications for accessing databases and commercial workflow systems. These applications need to implement measures to counter security threats. Many developers are exploring and developing novel authentication techniques to prevent these attacks. However, the most difficult problem is how to keep biometric data while maintaining the practical performance of identity verification systems. This paper presents a biometrics-based personal authentication system in which a smart card, a Public Key Infrastructure (PKI), and iris verification technologies are combined. Raspberry Pi 4 Model B+ is used as the core of hardware components with an IR Camera. Following that idea, we designed an optimal image processing algorithm in OpenCV/ Python, Keras, and sci-kit learn libraries for feature extraction and recognition is chosen for application development in this project. The implemented system gives an accuracy of (97% and 100%) for the left and right (NTU) iris datasets respectively after training. Later, the person verification based on the iris feature is performed to verify the claimed identity and examine the system authentication. The time of key generation, Signature, and Verification is 5.17sec,0.288, and 0.056 respectively for the NTU iris dataset. This work offers the realistic architecture to implement identity-based cryptography with biometrics using the RSA algorithm
Cryptographically Secure Information Flow Control on Key-Value Stores
We present Clio, an information flow control (IFC) system that transparently
incorporates cryptography to enforce confidentiality and integrity policies on
untrusted storage. Clio insulates developers from explicitly manipulating keys
and cryptographic primitives by leveraging the policy language of the IFC
system to automatically use the appropriate keys and correct cryptographic
operations. We prove that Clio is secure with a novel proof technique that is
based on a proof style from cryptography together with standard programming
languages results. We present a prototype Clio implementation and a case study
that demonstrates Clio's practicality.Comment: Full version of conference paper appearing in CCS 201
Security of Health Information Databases
Tundlike andmete turvaline kogumine ja hoiustamine on vĂ€ga vajalik. Olenevalt olukorrast vĂ”ib see osutuda aga oodatust keerulisemaks. Andmebaasis olevate andmete turvalisus vĂ”ib jÀÀda tĂ€helepanuta vĂ”i seda vĂ”idakse ĂŒlehinnata. Rakenduse poolel andmete krĂŒpteerimine on ĂŒks moodus laialdaselt esinevate probleemide ennetamiseks. Selle töö eesmĂ€rk on esitada nĂ€idisrakendus andmete turvalise kogumise kohta. See implementatsioon esitab andmete kogumise protsessi. Me katsetame kahte odavama hinnaklassi riistvaralisi turvamoodulit rakendusega siduda. Tulemustest on nĂ€ha kaasnevaid raskusi, lootusega et protsessi saab parendada. NĂ€idisrakendust saab kasutada tundlike andmete kogumise meetodite lisamisel olemasolevatesse andmehaldusrakendustesse.Secure storage of sensitive data is a strong requirement in current times. Depending on the scenario it could prove more difficult than first expected. Data security on the database side is often overlooked or underestimated. Application side encryption can be used to avoid many of the common issues. In the thesis we aim to give an implementation of one scheme for secure data gathering and storage. The implementation consists of three applications to display the process of gathering data. We also attempt to integrate two low budget Hardware Security Modules (HSMs) into our scheme. The thesis shows the difficulties with the hope, that the process could be improved. The given example can be used to add specialised sensitive data collection methods to existing data management software
- âŠ