Selection of EAP-authentication methods in WLANs
IEEE 802.1X is a key part of IEEE 802.11i. By employing Extensible Authentication Protocol (EAP) it supports a variety of upper layer authentication methods each with different benefits and drawbacks. Any one of these authentication methods can be the ideal choice for a specific networking environment. The fact that IEEE 802.11i leaves the selection of the most suitable authentication method to system implementers makes the authentication framework more flexible, but on the other hand leads to the question of how to select the authentication method that suits an organisation's requirements and specific networking environment. This paper gives an overview of EAP authentication methods and provides a table comparing their properties. It then identifies the crucial factors to be considered when employing EAP authentication methods in WLAN environments. The paper presents algorithms that guide the selection of an EAP-authentication method for a WLAN and demonstrates their application through three examples.
Identifying Native Applications with High Assurance
The work described in this paper investigates the problem of identifying and deterring stealthy malicious processes on a host. We point out the lack of strong application identification in mainstream operating systems. We solve the application identification problem by proposing a novel identification model in which user-level applications are required to present identification proofs at run time to be authenticated by the kernel using an embedded secret key. The secret key of an application is registered with a trusted kernel using a key registrar and is used to uniquely authenticate and authorize the application. We present a protocol for secure authentication of applications. Additionally, we develop a system call monitoring architecture that uses our model to verify the identity of applications when making critical system calls. Our system call monitoring can be integrated with existing policy specification frameworks to enforce application-level access rights. We implement and evaluate a prototype of our monitoring architecture in Linux as device drivers with nearly no modification of the kernel. The results from our extensive performance evaluation show that our prototype incurs low overhead, indicating the feasibility of our model.
Callisto: a cryptographic approach to detecting serial perpetrators of sexual misconduct
Sexual misconduct is prevalent in workplace and education settings
but stigma and risk of further damage deter many victims from
seeking justice. Callisto, a non-profit that has created an online sexual assault reporting platform for college campuses, is expanding its
work to combat sexual assault and harassment in other industries.
In this new product, users will be invited to an online "matching
escrow" that will detect repeat perpetrators and create pathways
to support for victims. Users submit encrypted data about their
perpetrator, and this data can only be decrypted by the Callisto
Options Counselor (a lawyer), when another user enters the identity of the same perpetrator. If the perpetrator identities match,
both users will be put in touch independently with the Options
Counselor, who will connect them to each other (if appropriate) and
help them determine their best path towards justice. The client relationships with the Options Counselors are structured so that any
client-counselor communications would be privileged. A combination of client-side encryption, encrypted communication channels,
oblivious pseudo-random functions, key federation, and Shamir
Secret Sharing keep data confidential in transit, at rest, and during
the matching process with the guarantee that only the lawyer ever
has access to user submitted data, and even then only when a match
is identified.
Accepted manuscript
Planning for the Future of Cyber Attack Attribution : Hearing Before the H. Subcomm. on Technology and Innovation of the H. Comm. on Science and Technology, 111th Cong., July 15, 2010 (Statement by Adjunct Professor Marc Rotenberg, Geo. U. L. Center)
Steve Bellovin, another security expert, noted recently that one of the risks of the new White House plan for cyber security is that it places too much emphasis on attribution. As Dr. Bellovin explains:
The fundamental premise of the proposed strategy is that our serious Internet security problems are due to lack of sufficient authentication. That is demonstrably false. The biggest problem was and is buggy code. All the authentication in the world won't stop a bad guy who goes around the authentication system, either by finding bugs exploitable before authentication is performed, finding bugs in the authentication system itself, or by hijacking your system and abusing the authenticated connection set up by the legitimate user.
While I believe the White House, the Cyber Security Advisor, and the various participants in the drafting process have made an important effort to address privacy and security interests, I share Professor Bellovin's concern that too much emphasis has been placed on promoting identification.
I also believe that online identification, promoted by government, will be used for purposes unrelated to cyber security and could ultimately chill political speech and limit the growth of the Internet. Greater public participation in the development of this policy as well as a formal rulemaking on the White House proposal could help address these concerns.
A Decentralised Digital Identity Architecture
Current architectures to validate, certify, and manage identity are based on
centralised, top-down approaches that rely on trusted authorities and
third-party operators. We approach the problem of digital identity starting
from a human rights perspective, with a primary focus on identity systems in
the developed world. We assert that individual persons must be allowed to
manage their personal information in a multitude of different ways in different
contexts and that to do so, each individual must be able to create multiple
unrelated identities. Therefore, we first define a set of fundamental
constraints that digital identity systems must satisfy to preserve and promote
privacy as required for individual autonomy. With these constraints in mind, we
then propose a decentralised, standards-based approach, using a combination of
distributed ledger technology and thoughtful regulation, to facilitate
many-to-many relationships among providers of key services. Our proposal for
digital identity differs from others in its approach to trust in that we do not
seek to bind credentials to each other or to a mutually trusted authority to
achieve strong non-transferability. Because the system does not implicitly
encourage its users to maintain a single aggregated identity that can
potentially be constrained or reconstructed against their interests,
individuals and organisations are free to embrace the system and share in its
benefits.
Comment: 30 pages, 10 figures, 3 tables
How to build a self-sovereign identity system that is beneficial to both the individual and business
Self-sovereign identity defines a system in which an entity can generate and maintain their own proof of identity. There are several solutions aimed at providing this service and storing the relevant information on a blockchain. We describe how to develop such a system using Ethereum's smart contract platform and a browser-based application, and we demonstrate its use in a corporate that sells more than one funeral insurance product. Individuals and organizations should be able to create claims on their identities, however, only reputable organizations can verify these claims. These operations are executed by functions contained in the smart contracts and the transactions can be stored on a blockchain. A major benefit of this innovation is that an identity can be easily re-used and we show how an insurance department can do this using credentials already requested by another department. This method allows for much needed efficiency over the current system.