3,226 research outputs found

    Universally composable end-to-end secure messaging

    CNS-1718135 - National Science Foundation; CNS-1801564 - National Science Foundation; CNS-1931714 - National Science Foundation; CNS-1915763 - National Science Foundation; HR00112020021 - Department of Defense/DARPA; 000000000000000000000000000000000000000000000000000000037211 - SRI International
    https://eprint.iacr.org/2022/376.pdf
    Accepted manuscrip

    Admissibility of Non-U.S. Electronic Evidence

    After two long years collecting hundreds of gigabytes of e-mail, data base reports, and social media posts from countries in Europe, Asia, and South America, such as France, South Korea, Argentina, Canada, Australia, and El Salvador, the day of trial has arrived. The trial team has obtained the data at great cost, in dollars as well as person-hours, but is finally ready for trial. First-chair counsel, second-chair counsel, and four paralegals file into the courtroom, not with bankers boxes full of documents as in earlier times, but with laptops, tablet computers, and a data projector. Following opening statements, the first witness takes the stand. After a few questions about the existence of e-mails written by executives of the defendant multinational corporation, a paralegal moves to the projector, as she rehearsed many times, to flip on the switch that will project the e-mails for the jury. She hears, “Objection!” followed immediately by, “Sustained.” Counsel asks for a sidebar. Instead, the judge asks the court officer to take the jury out. She then notes that these e-mails, the production of which she had ruled upon previously, were created outside the U.S. Who will testify to their authenticity? What was the chain of custody—were they altered in some fashion in the office or between the client’s servers and counsel’s laptop? How, exactly, do the e-mails fit into an exception to the hearsay rule? Business records? What is the “business” of this foreign facility that requires the use of e-mail on a regular basis? Counsel asks for a continuance to respond to those questions. “Denied!” the judge says

    Use of Java Cards in a telematic voting system.

    This paper presents a general view of the telematic voting system developed by its authors, with a special emphasis on the important role that smart cards play in this scenario. The use of smart cards as basic pieces for providing secure cryptographic operations in this type of voting scheme is justified. The differences and advantages of Java Cards in comparison with the “classical” smart cards (those that completely conform to the ISO/IEC 7816 standard) are also discussed. As an example, the paper describes one of the applets implemented in the voting Java Card as part of the general telematic voting application

    Time for an Upgrade: Amending the Federal Rules of Evidence to Address the Challenges of Electronically Stored Information in Civil Litigation

    In recent years, electronically stored information (ESI) has begun to play an increasingly important role in civil litigation. Although the e-discovery amendments to the Federal Rules of Civil Procedure in 2006 provided guidelines for the discovery of this information, no accompanying changes were made to the Federal Rules of Evidence to govern the admissibility of this information at trial. This article outlines the vastly different ways courts have addressed this problem in three areas: authentication, hearsay, and the best evidence rule. After discussing the various approaches courts take in these areas, this article proposes specific amendments to the Federal Rules of Evidence that would provide guidance to courts and litigants as to the admissibility of electronically stored information at trial

    Vulnerability Analysis of the Player Command and Control Protocol

    The Player project is an open-source effort providing a control interface specification and software framework for abstracting robot hardware. This research presents five exploits that compromise vulnerabilities in Player's command and control protocol. The attacks exploit weaknesses in the ARP, IP, TCP and Player protocols to compromise the confidentiality, integrity, and availability of communication between a Player client and server. The attacks assume a laptop is connected in promiscuous mode to the same Ethernet hub as the client and server in order to sniff all network traffic between them. This work also demonstrates that Internet Protocol Security (IPsec) is capable of mitigating the vulnerabilities discovered in Player's command and control protocol. Experimental results show that all five exploits are successful when Player communication is unprotected but are defeated when IPsec Authentication Header (AH) and Encapsulating Security Protocol (ESP) are deployed together (AH+ESP) in transport mode. A cost function is defined to synthesize three distinct scalar costs (exploit success, CPU utilization, and network load) into a single scalar output that can be used to compare the different defense protocols provided by IPsec. Results from this cost function show that in a scenario when exploits are likely, IPsec AH+ESP is the preferred defense protocol because of its relatively low CPU and network overhead and ability to defeat the exploits implemented in this research by authenticating and encrypting the transport and application layers. Performance data reveals that for the Overo Earth embedded system running a TI OMAP3530 processor at 720MHz, IPsec AH+ESP increases CPU utilization by 0.52% and the network load by 22.9Kbps (64.3% increase)

    Manufactured vulnerability: eco-activist tactics in Britain

    This article examines the development of tactics in radical environmentalist protests against new roads and other environmental issues in Britain during the 1990s. These tactics depend heavily upon the technical creativity of protesters. Their repertoire has been influenced by British traditions of non-violent direct action and by tactics used previously by radical environmentalists in other countries, notably Australia. This form of non-violent direct action is defined here as manufactured vulnerability because of its reliance on technical devices to prolong vulnerability. Much evidence in this case confirms past studies of how new action forms are developed. Evidence also suggests that development of tactics in radical environmental groups is particularly likely to be influenced by latent networks of activists and cross-national diffusion

    From OPIMA to MPEG IPMP-X: A standard's history across R&D projects

    This paper describes the work performed by a number of companies and universities who have been working as a consortium under the umbrella of the European Union Framework Programme 5 (FP5), Information Society Technologies (IST) research program, in order to provide a set of Digital Rights Management (DRM) technologies and architectures, aiming at helping to reduce the copyright circumvention risks that have been threatening the music and film industries in their transition from the “analogue” to the “digital” age. The paper starts by addressing some of the earlier standardization efforts in the DRM arena, namely, Open Platform Initiative for Multimedia Access (OPIMA). One of the described FP5 IST projects, Open Components for Controlled Access to Multimedia Material (OCCAMM), has developed the OPIMA vision. The paper also addresses the Motion Pictures Expert Group (MPEG) DRM work, starting from the MPEG Intellectual Property Management and Protection (IPMP) “Hooks”, towards the MPEG IPMP Extensions, which originated the first DRM-related standard (MPEG-4 Part 13, called IPMP Extensions or IPMP-X) ever released by ISO up to the present day. The paper clarifies how the FP5 IST project MPEG Open Security for Embedded Systems (MOSES) has extended the OPIMA interfaces and architecture to achieve compliance with the MPEG IPMP-X standard, and how it has contributed to the achievement of “consensus” and to the specification, implementation (Reference Software) and validation (Conformance Testing) of the MPEG IPMP-X standard.

    An Impregnable Lightweight Device Discovery (ILDD) Model for the Pervasive Computing Environment of Enterprise Applications

    The worldwide use of handheld devices (personal digital assistants, cell phones, etc.) with wireless connectivity will reach 2.6 billion units this year and 4 billion by 2010. More specifically, these handheld devices have become an integral part of industrial applications. These devices form pervasive ad hoc wireless networks that aid in industry applications. However, pervasive computing is susceptible and vulnerable to malicious active and passive snoopers. This is due to the unavoidable interdevice dependency, as well as a common shared medium, very transitory connectivity, and the absence of a fixed trust infrastructure. In order to ensure security and privacy in the pervasive environment, we need a mechanism to maintain a list of valid devices that will help to prevent malicious devices from participating in any task. In this paper, we will show the feasibility of using a modified human-computer authentication protocol in order to prevent the malicious attacks of ad hoc networks in industrial applications. We will also present two separate models for both large and small networks, as well as several possible attack scenarios for each network

    Forensic Analysis of G Suite Collaborative Protocols

    Widespread adoption of cloud services is fundamentally changing the way IT services are delivered and how data is stored. Current forensic tools and techniques have been slow to adapt to new challenges and demands of collecting and analyzing cloud artifacts. Traditional methods focusing only on client data collection are incomplete, as the client may have only a (partial) snapshot and misses cloud-native artifacts that may contain valuable historical information. In this work, we demonstrate the importance of recovering and analyzing cloud-native artifacts using G Suite as a case study. We develop a tool that extracts and processes the history of Google Documents and Google Slides by reverse engineering the web application's private protocol. Combined with previous work that has focused on API-based acquisition of cloud drives, this presents a more complete solution to cloud forensics, and is generalizable to any cloud service that maintains a detailed log of revisions