5,999 research outputs found
Building Regular Registers with Rational Malicious Servers and Anonymous Clients
The paper addresses the problem of emulating a regular register in a synchronous distributed system where clients invoking and operations are anonymous while server processes maintaining the state of the register may be compromised by rational adversaries (i.e., a server might behave as rational malicious Byzantine process). We first model our problem as a Bayesian game between a client and a rational malicious server where the equilibrium depends on the decisions of the malicious server (behave correctly and not be detected by clients vs returning a wrong register value to clients with the risk of being detected and then excluded by the computation). We prove such equilibrium exists and finally we design a protocol implementing the regular register that forces the rational malicious server to behave correctly
Graffiti Networks: A Subversive, Internet-Scale File Sharing Model
The proliferation of peer-to-peer (P2P) file sharing protocols is due to
their efficient and scalable methods for data dissemination to numerous users.
But many of these networks have no provisions to provide users with long term
access to files after the initial interest has diminished, nor are they able to
guarantee protection for users from malicious clients that wish to implicate
them in incriminating activities. As such, users may turn to supplementary
measures for storing and transferring data in P2P systems. We present a new
file sharing paradigm, called a Graffiti Network, which allows peers to harness
the potentially unlimited storage of the Internet as a third-party
intermediary. Our key contributions in this paper are (1) an overview of a
distributed system based on this new threat model and (2) a measurement of its
viability through a one-year deployment study using a popular web-publishing
platform. The results of this experiment motivate a discussion about the
challenges of mitigating this type of file sharing in a hostile network
environment and how web site operators can protect their resources
Encrypted Shared Data Spaces
The deployment of Share Data Spaces in open, possibly hostile, environments arises the need of protecting the confidentiality of the data space content. Existing approaches focus on access control mechanisms that protect the data space from untrusted agents. The basic assumption is that the hosts (and their administrators) where the data space is deployed have to be trusted. Encryption schemes can be used to protect the data space content from malicious hosts. However, these schemes do not allow searching on encrypted data. In this paper we present a novel encryption scheme that allows tuple matching on completely encrypted tuples. Since the data space does not need to decrypt tuples to perform the search, tuple confidentiality can be guaranteed even when the data space is deployed on malicious hosts (or an adversary gains access to the host). Our scheme does not require authorised agents to share keys for inserting and retrieving tuples. Each authorised agent can encrypt, decrypt, and search encrypted tuples without having to know other agents’ keys. This is beneficial inasmuch as it simplifies the task of key management. An implementation of an encrypted data space based on this scheme is described and some preliminary performance results are given
Security and Privacy Issues in Wireless Mesh Networks: A Survey
This book chapter identifies various security threats in wireless mesh
network (WMN). Keeping in mind the critical requirement of security and user
privacy in WMNs, this chapter provides a comprehensive overview of various
possible attacks on different layers of the communication protocol stack for
WMNs and their corresponding defense mechanisms. First, it identifies the
security vulnerabilities in the physical, link, network, transport, application
layers. Furthermore, various possible attacks on the key management protocols,
user authentication and access control protocols, and user privacy preservation
protocols are presented. After enumerating various possible attacks, the
chapter provides a detailed discussion on various existing security mechanisms
and protocols to defend against and wherever possible prevent the possible
attacks. Comparative analyses are also presented on the security schemes with
regards to the cryptographic schemes used, key management strategies deployed,
use of any trusted third party, computation and communication overhead involved
etc. The chapter then presents a brief discussion on various trust management
approaches for WMNs since trust and reputation-based schemes are increasingly
becoming popular for enforcing security in wireless networks. A number of open
problems in security and privacy issues for WMNs are subsequently discussed
before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the
author's previous submission in arXiv submission: arXiv:1102.1226. There are
some text overlaps with the previous submissio
A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today’s real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from cryptographic point of view
Security Enhancement in Cloud Environment using Secure Secret Key Sharing
Securing the data in distributed cloud system is considered one of the major concern for the cloud customers who faces security risks. The data leakage or data tampering are widely used by attackers to extract the private information of other users who shares the confidential data through virtualization. This paper presents Secure Secret Sharing (SSS) technique which is being recognized as one of the leading method to secure the sensitive data. It shares encrypted data over cloud and generated secret key is split into different parts distributed to qualified participants (Qn) only which is analyzed by malicious checkers. It verifies the clients based on their previous performances, whether these users proved to be authorized participant or not. The key computation is evaluated by the Key handler (KH) called trusted party which manages authorized control list, encryption/decryption and reconstruction of key shares. The Lagrange’s interpolation method is used to reconstruct the secret from shares. The experimental results shows that the proposed secure data sharing algorithm not only provides excellent security and performance, but also achieves better key management and data confidentiality than previous countermeasures. It improves the security by using secure VM placement and evaluated based on time consumption and probability computation to prove the efficacy of our algorithm. Experiments are performed on cloudsim based on following parameters i.e. time computation of key generation; response time and encryption/decryption. The experimental results demonstrate that this method can effectively reduce the risks and improves the security and time consumption up to 27.81% and 43.61% over existing algorithms
- …