50 research outputs found
Secure Remote Storage of Logs with Search Capabilities
Dissertação de Mestrado em Engenharia InformáticaAlong side with the use of cloud-based services, infrastructure and storage, the use of application logs
in business critical applications is a standard practice nowadays. Such application logs must be stored
in an accessible manner in order to used whenever needed. The debugging of these applications is a
common situation where such access is required. Frequently, part of the information contained in logs
records is sensitive.
This work proposes a new approach of storing critical logs in a cloud-based storage recurring to
searchable encryption, inverted indexing and hash chaining techniques to achieve, in a unified way, the
needed privacy, integrity and authenticity while maintaining server side searching capabilities by the logs
owner.
The designed search algorithm enables conjunctive keywords queries plus a fine-grained search
supported by field searching and nested queries, which are essential in the referred use case. To the
best of our knowledge, the proposed solution is also the first to introduce a query language that enables
complex conjunctive keywords and a fine-grained search backed by field searching and sub queries.A gerac¸ ˜ao de logs em aplicac¸ ˜oes e a sua posterior consulta s˜ao fulcrais para o funcionamento de qualquer
neg´ocio ou empresa. Estes logs podem ser usados para eventuais ac¸ ˜oes de auditoria, uma vez
que estabelecem uma baseline das operac¸ ˜oes realizadas. Servem igualmente o prop´ osito de identificar
erros, facilitar ac¸ ˜oes de debugging e diagnosticar bottlennecks de performance. Tipicamente, a maioria
da informac¸ ˜ao contida nesses logs ´e considerada sens´ıvel.
Quando estes logs s˜ao armazenados in-house, as considerac¸ ˜oes relacionadas com anonimizac¸ ˜ao,
confidencialidade e integridade s˜ao geralmente descartadas. Contudo, com o advento das plataformas
cloud e a transic¸ ˜ao quer das aplicac¸ ˜oes quer dos seus logs para estes ecossistemas, processos de
logging remotos, seguros e confidenciais surgem como um novo desafio. Adicionalmente, regulac¸ ˜ao
como a RGPD, imp˜oe que as instituic¸ ˜oes e empresas garantam o armazenamento seguro dos dados.
A forma mais comum de garantir a confidencialidade consiste na utilizac¸ ˜ao de t ´ecnicas criptogr ´aficas
para cifrar a totalidade dos dados anteriormente `a sua transfer ˆencia para o servidor remoto. Caso sejam
necess´ arias capacidades de pesquisa, a abordagem mais simples ´e a transfer ˆencia de todos os dados
cifrados para o lado do cliente, que proceder´a `a sua decifra e pesquisa sobre os dados decifrados.
Embora esta abordagem garanta a confidencialidade e privacidade dos dados, rapidamente se torna
impratic ´avel com o crescimento normal dos registos de log. Adicionalmente, esta abordagem n˜ao faz
uso do potencial total que a cloud tem para oferecer.
Com base nesta tem´ atica, esta tese prop˜oe o desenvolvimento de uma soluc¸ ˜ao de armazenamento
de logs operacionais de forma confidencial, integra e autˆ entica, fazendo uso das capacidades de armazenamento
e computac¸ ˜ao das plataformas cloud. Adicionalmente, a possibilidade de pesquisa sobre
os dados ´e mantida. Essa pesquisa ´e realizada server-side diretamente sobre os dados cifrados e sem
acesso em momento algum a dados n˜ao cifrados por parte do servidor..
Vulnerabilities and limitations of MQTT protocol used between IoT devices
With the proliferation of smart devices capable of communicating over a network using different protocols, each year more and more successful attacks are recorded against these, underlining the necessity of developing and implementing mechanisms to protect against such attacks. This paper will review some existing solutions used to secure a communication channel, such as Transport Layer Security or symmetric encryption, as well as provide a novel approach to achieving confidentiality and integrity of messages. The method, called Value-to-Keyed-Hash Message Authentication Code (Value-to-HMAC) mapping, uses signatures to send messages, instead of encryption, by implementing a Keyed-Hash Message Authentication Code generation algorithm. Although robust solutions exist that can be used to secure the communication between devices, this paper considers that not every Internet of Things (IoT) device or network design is able to afford the overhead and drop in performance, or even support such protocols. Therefore, the Value-to-HMAC method was designed to maximize performance while ensuring the messages are only readable by the intended node. The experimental procedure demonstrates how the method will achieve better performance than a symmetric-key encryption algorithm, while ensuring the confidentiality and integrity of information through the use of one mechanism
A Two-Party Hierarchical Deterministic Wallets in Practice
The applications of Hierarchical Deterministic Wallet are rapidly growing in various areas such as cryptocurrency exchanges and hardware wallets. Improving privacy and security is more important than ever. In this study, we proposed a protocol that fully support a two-party computation of BIP32. Our protocol, similar to the distributed key generation, can generate each party’s secret share, the common chain-code, and the public key without revealing a seed and any descendant private keys. We also provided a simulation-based proof of our protocol assuming a rushing, static, and malicious adversary in the hybrid model. Our master key generation protocol produces up to total of two bit leakages from a honest party given the feature that the seeds will be re-selected after each execution. The proposed hardened child key derivation protocol leads up to a one bit leakage in the worst situation of simulation from a honest party and will be accumulated with each execution. Fortunately, in reality, this issue can be largely mitigated by adding some validation criteria of boolean circuits and masking the input shares before each execution. We then implemented the proposed protocol and ran in a single thread on a laptop which turned out with practically acceptable execution time. Lastly, the outputs of our protocol can be easily integrated with many threshold sign protocols
Bezpieczne systemy wbudowane. Zastosowania
System wbudowany to dedykowany system komputerowy złożony
z odpowiednio dobranych komponentów programowych i sprzętowych.
Jego przeznaczeniem jest wykonywanie określonej aplikacji programowej.
Ze względu na wszechobecne dążenie do opracowywania „inteligentnych”
urządzeń systemy wbudowane mają szerokie zastosowania w wielu dziedzinach.
Obecnie można zaobserwować, że systemy wbudowane po latach
przebywania niejako w cieniu komputerów osobistych przeżywają swoisty
rozkwit związany między innymi ze znacznym spadkiem cen podzespołów.
Współcześnie, takie urządzenia, jak telewizor wyposażone są w podzespoły
pozwalające im konkurować o uwagę użytkownika z komputerami
stacjonarnymi lub laptopami. Spadek cen spowodował masową dostępność
tanich, łatwych do nauki platform deweloperskich, ułatwiających wejście
w świat budowy systemów wbudowanych.
W pracy, na przykładzie systemu lokalizującego i „proof of concept”
menadżera haseł wbudowanego w popularną kartę chipową, zostanie
przedstawione spektrum możliwości stosowania systemów wbudowanych
Vulnerabilities and limitations of MQTT protocol used between IoT devices
With the proliferation of smart devices capable of communicating over a network using different protocols, each year more and more successful attacks are recorded against these, underlining the necessity of developing and implementing mechanisms to protect against such attacks. This paper will review some existing solutions used to secure a communication channel, such as Transport Layer Security or symmetric encryption, as well as provide a novel approach to achieving confidentiality and integrity of messages. The method, called Value-to-Keyed-Hash Message Authentication Code (Value-to-HMAC) mapping, uses signatures to send messages, instead of encryption, by implementing a Keyed-Hash Message Authentication Code generation algorithm. Although robust solutions exist that can be used to secure the communication between devices, this paper considers that not every Internet of Things (IoT) device or network design is able to afford the overhead and drop in performance, or even support such protocols. Therefore, the Value-to-HMAC method was designed to maximize performance while ensuring the messages are only readable by the intended node. The experimental procedure demonstrates how the method will achieve better performance than a symmetric-key encryption algorithm, while ensuring the confidentiality and integrity of information through the use of one mechanism