1,326 research outputs found

    LIPIcs, Volume 251, ITCS 2023, Complete Volume

    Get PDF
    LIPIcs, Volume 251, ITCS 2023, Complete Volum

    Efficient Security Protocols for Constrained Devices

    Get PDF
    During the last decades, more and more devices have been connected to the Internet.Today, there are more devices connected to the Internet than humans.An increasingly more common type of devices are cyber-physical devices.A device that interacts with its environment is called a cyber-physical device.Sensors that measure their environment and actuators that alter the physical environment are both cyber-physical devices.Devices connected to the Internet risk being compromised by threat actors such as hackers.Cyber-physical devices have become a preferred target for threat actors since the consequence of an intrusion disrupting or destroying a cyber-physical system can be severe.Cyber attacks against power and energy infrastructure have caused significant disruptions in recent years.Many cyber-physical devices are categorized as constrained devices.A constrained device is characterized by one or more of the following limitations: limited memory, a less powerful CPU, or a limited communication interface.Many constrained devices are also powered by a battery or energy harvesting, which limits the available energy budget.Devices must be efficient to make the most of the limited resources.Mitigating cyber attacks is a complex task, requiring technical and organizational measures.Constrained cyber-physical devices require efficient security mechanisms to avoid overloading the systems limited resources.In this thesis, we present research on efficient security protocols for constrained cyber-physical devices.We have implemented and evaluated two state-of-the-art protocols, OSCORE and Group OSCORE.These protocols allow end-to-end protection of CoAP messages in the presence of untrusted proxies.Next, we have performed a formal protocol verification of WirelessHART, a protocol for communications in an industrial control systems setting.In our work, we present a novel attack against the protocol.We have developed a novel architecture for industrial control systems utilizing the Digital Twin concept.Using a state synchronization protocol, we propagate state changes between the digital and physical twins.The Digital Twin can then monitor and manage devices.We have also designed a protocol for secure ownership transfer of constrained wireless devices. Our protocol allows the owner of a wireless sensor network to transfer control of the devices to a new owner.With a formal protocol verification, we can guarantee the security of both the old and new owners.Lastly, we have developed an efficient Private Stream Aggregation (PSA) protocol.PSA allows devices to send encrypted measurements to an aggregator.The aggregator can combine the encrypted measurements and calculate the decrypted sum of the measurements.No party will learn the measurement except the device that generated it

    Security and Privacy of Resource Constrained Devices

    Get PDF
    The thesis aims to present a comprehensive and holistic overview on cybersecurity and privacy & data protection aspects related to IoT resource-constrained devices. Chapter 1 introduces the current technical landscape by providing a working definition and architecture taxonomy of ‘Internet of Things’ and ‘resource-constrained devices’, coupled with a threat landscape where each specific attack is linked to a layer of the taxonomy. Chapter 2 lays down the theoretical foundations for an interdisciplinary approach and a unified, holistic vision of cybersecurity, safety and privacy justified by the ‘IoT revolution’ through the so-called infraethical perspective. Chapter 3 investigates whether and to what extent the fast-evolving European cybersecurity regulatory framework addresses the security challenges brought about by the IoT by allocating legal responsibilities to the right parties. Chapters 4 and 5 focus, on the other hand, on ‘privacy’ understood by proxy as to include EU data protection. In particular, Chapter 4 addresses three legal challenges brought about by the ubiquitous IoT data and metadata processing to EU privacy and data protection legal frameworks i.e., the ePrivacy Directive and the GDPR. Chapter 5 casts light on the risk management tool enshrined in EU data protection law, that is, Data Protection Impact Assessment (DPIA) and proposes an original DPIA methodology for connected devices, building on the CNIL (French data protection authority) model

    Security Elites in Egypt and Jordan after the Arab Spring : A Case Study on Securocracies’ Role on National Security, Domestic Power Politics, Regional Order and Middle Eastern Alliance Making between 2011 and 2021

    Get PDF
    The doctoral dissertation studied changes in the balance of power, alliance making and the hegemonic struggles of security elites within a Middle Eastern regional context over a ten year reference period between 2011 and 2021. The study focused on two case study countries: Egypt and Jordan. The results were compared within a historical context to the pre-Arab Spring era. The theoretical approach combined the English School of Thought and Middle Eastern Studies with a conceptual model of securocracy developed by the author. The primary contribution of the research is the realization of the core importance of securocracy within autocratic state systems. Inside securocracies there exists rivalling groups and organisations that counterbalance each other. The study points to the fact that the power struggle between executive powers – either purely domestic one or supported by foreign involvement, is the main driver behind why case study countries were in varying degrees dragged into instability and turmoil in the aftermath of the Arab Spring. Securocracies can be divided into two main types: centralised and decentralised. The centralised model occurs when different elites groups have the same ”distance” to the ruler while having equal privileges and equal access to political power. The model predicts durability and stability of the regime (status quo). In the de-centralised model, there is an ongoing struggle amongst elite groups and “distances” to ruler are not equal, neither are the privileges. In Egypt the hegemonic struggle amongst elites took precedence over the interests and stability of the state after the Arab Spring and has continued since then. The situation at the end of 2021 is a de-centralised model where all executive powers are concentrated within President al-Sisi’s family dynasty (palace) and the leadership of military intelligence. This de-centralised type of securocracy makes Egypt’s situation fragile. Any impact from the outside, such as the Biden administration’s decision to impose additional conditions on U.S. financial military aid, could lead to a new hegemonic struggle challenging al-Sisi’s power. The securocracy’s survival strategy found in the study was the use of vertical power at all levels of the state hierarchy (” the winner takes it all”). In the situation of a power struggle, the ruler uses omni-balancing i.e., alliance making with powerful foreign states in order to gain an advantage against domestic rivals and revisionist regional states. The Egyptian example is al-Sisi’s rapprochement with Russia’s President Putin and his distancing of Egypt from its previous role of being the United States’ loyal Middle Eastern ally. The Jordanian example however, is the opposite, resulting in even closer relations with the United States since January 2021 when the two countries signed an updated Status of Forces Agreement (SOFA). The study also highlights that decisions concerning ruler succession in authoritarian states take place behind-the-scenes amongst the securocracy as it, per rule, prefers to choose a member inside its own interest group or alternatively a political figurehead that commits to protect securocracy’s privileged interests in exchange of their own power position. Within the Middle East, the recent U.S. pivot to Asia-Pacific created an opportunity for Russia to make a come-back. Russia, however, does not have the resources to compensate for the loss of U.S. financial military aid to the security elites. This in turn, and with Russia’s consent, has given space for regional state actors, particularly, the United Arab Emirates and Saudi-Arabia, to increase their influence. Gulf support to the regional clients is not free of charge: they request their clients adopt their own threat perceptions, take sides in armed conflicts and contribute to military capabilities which support the sponsors’ regional foreign and security policy goals.VĂ€itöstutkimuksessa tarkasteltiin kymmenen vuoden ajanjaksolla voimatasapainon muutosta LĂ€hi-idĂ€n alueellisessa valtarakenteessa, liittolaissuhteiden muutoksia sekĂ€ turvallisuuseliittien roolia maan sisĂ€isessĂ€ valtataistelussa. Tuloksia verrattiin historiallisessa kontekstissa arabikevĂ€ttĂ€ edeltĂ€vÀÀn aikaan kahdessa tapaustutkimusmaassa: EgyptissĂ€ ja Jordaniassa. TeoriaviitekehyksenĂ€ sovellettiin Englantilaisen koulukunnan ja LĂ€hi-idĂ€n tutkimuksen teoriamalleja, sekĂ€ tutkijan kehittelemÀÀ sekurokratian konseptuaalista mallia. Tutkimuksen keskeinen tulos on havainto sekurokratian merkittĂ€vĂ€stĂ€ roolista osana autoritaarista valtiomallia. Sekurokratian sisĂ€lle on luotu useita toinen toistaan tasapainottavia ryhmittymiĂ€. Tapaustutkimusmaiden arabikevÀÀn jĂ€lkeisen turvallisuustilanteen muutoksia selittĂ€vien tekijöiden joukossa turvallisuuseliittien valtakamppailu nousi merkittĂ€vÀÀn rooliin. Valtakamppailua kĂ€ytiin eliittien kesken joko pelkĂ€stÀÀn maan sisĂ€llĂ€ tai vaihtoehtoisesti osin myös valtion ulkopuolisten voimien tukemana. Tutkimuksen perusteella sekurokratiat voidaan jakaa kahteen pÀÀtyyppiin: keskitettyyn ja hajautettuun malliin. Jos eri turvallisuuseliitti-ryhmien edut, vallankĂ€yttö ja etĂ€isyys vallan keskipisteeseen ovat tasapainossa puhutaan keskitetyn sekurokratian mallista, mikĂ€ ennustaa vallassa olevan regiimin pysyvyyttĂ€ ja vakautta. Jos taas sekurokratian rakenne on hajautetun mallin mukainen, sen valtakamppailu voi johtaa yhden osan pyrkimyksiin hegemonia-asemasta. Egyptin tapauksessa arabikevÀÀn jĂ€lkeinen turvallisuuseliittien valtakamppailu asetettiin maan vakauden edelle ja eliittien valtakamppailu on jatkunut tĂ€hĂ€n pĂ€ivÀÀn. Tilanteessa vuoden 2021 lopussa valta on al-Sisin perhedynastialla ja sotilastiedustelun eliitillĂ€ (hajautettu malli). Hajautettu malli ei ennusta pitkĂ€aikaista vallassa pysymistĂ€; vahva ulkopuolinen herĂ€te, esimerkiksi Bidenin hallinnon sotilaallisen talousavun lopettaminen voisi johtaa uuteen valtakamppailuun ja al-Sisin valta-aseman haastamiseen. Tutkimustulokset osoittavat, ettĂ€ sekurokratoiden selviytymisstrategiana on vallanvertikaalin kĂ€yttö valtiohallinnon eri tasoilla. Valtakamppailun tilanteessa kĂ€ytetÀÀn tasapainotusstrategiaa (omni-balancing), missĂ€ alueellisia vahvoja valtioita ja suurvaltoja pyritÀÀn yhdistĂ€mÀÀn hallitsijan puolelle kilpailevia eliittiryhmittymiĂ€ tai revisionistisia ulkovaltoja vastaan. EgyptissĂ€ presidentti al-Sisin valtaannousu johti maan lĂ€hentymiseen presidentti Putinin VenĂ€jĂ€n kanssa sekĂ€ etÀÀntymiseen aiemmasta Yhdysvalloille uskollisen LĂ€hi-idĂ€n liittolaisen roolista. Jordaniassa puolestaan maa on nyt entistĂ€ tiiviimmin liittoutunut Yhdysvaltojen kanssa. EsimerkkinĂ€ tĂ€stĂ€ on tammikuussa 2021 maiden kesken solmittu sotilasyhteistyötĂ€ ja jordanialaisten tukikohtien kĂ€yttöÀ sÀÀtelevĂ€ isĂ€ntĂ€maatuki-sopimus. Tutkimustulosten valossa autoritaariselle vallanperimykselle tyypillistĂ€ on se, ettĂ€ julkisuuteen nĂ€kymĂ€ttömĂ€n sisĂ€isen valtakamppailun jĂ€lkeen uudeksi valtionpÀÀmieheksi pyritÀÀn nostamaan sekurokratian sisĂ€ltĂ€ sen oman intressiryhmĂ€n edustaja, tai vaihtoehtoisesti sekurokratian valitsema ulkopuolinen poliitikko, jonka vastuulle korporaation intressien vaaliminen lankeaa vastapalveluksena sekurokratian tuesta keulakuva-poliitikon vallassa pitĂ€miseksi. Alueellisen turvallisuusjĂ€rjestyksen osalta tutkimuksen tulokset osoittavat sen, ettĂ€ Yhdysvaltojen painopisteen siirto Tyynellemerelle vii ja Aasiaan on antanut VenĂ€jĂ€lle mahdollisuuden palauttaa vaikutusvaltaansa LĂ€hiitÀÀn. VenĂ€jĂ€llĂ€ ei kuitenkaan ole resursseja kompensoida Yhdysvaltojen arabivaltioiden turvallisuuseliiteille allokoimaa taloudellista tukea. TĂ€mĂ€ on antanut tilaa alueellisten toimijoiden kuten Yhdistyneiden arabiemiirikuntien ja Saudi-Arabian vaikutusvallan kasvattamiselle - tosin VenĂ€jĂ€n hyvĂ€ksynnĂ€llĂ€. Tuki ei myöskÀÀn tule ilmaiseksi, sillĂ€ sponsorit edellyttĂ€vĂ€t, ettĂ€ niille alisteisessa asemassa olevat maat omaksuvat tukijavaltioidensa uhkakuvat, sekĂ€ konfliktitilanteissa kontribuoivat sotilaallisia kyvykkyyksiĂ€ nĂ€iden valtioiden ulko- ja turvallisuuspoliittisten pÀÀmÀÀrien saavuttamiseksi

    Verifiable Timed Proxy Signatures and Multi-signatures

    Get PDF
    Verifiable timed commitments serve as cryptographic tools that enable the binding of information to specific time intervals. By integrating these commitments into signature schemes, secure and tamper-evident digital signatures can be generated, ensuring the integrity of time-sensitive mechanisms. This article delves into the concept of verifiable timed commitments and explores their efficient applications in digital signature constructions. Specifically, it focuses on two important signature schemes: proxy signatures and multi-signatures. The idea of the timed proxy signature is to enable the delegation of signing rights for a specified period, allowing designated entities to sign messages on behalf of the original signer. On the other hand, multi-signatures allow multiple parties to collectively generate a single signature, ensuring enhanced security and accountability. The article presents an in-depth analysis of the underlying mechanisms, discussing their properties, strengths, and computational complexity. Through this exploration, the article aims to shed light on the potential of verifiable timed commitments and inspire further research in this evolving field of cryptography

    The Alevi identity and Alevis’ Human rights conditions in the Republic of Turkey

    Get PDF
    This research’s central axes are human rights and freedoms and Alevis. It also explores the Alevis as a community, the Alevi identity, the Alevis’ use of human rights law language, the nature of the Alevis’ relations to the Republic of Turkey, and their attachment to the Republic of Turkey

    Applying Blockchain Technology to Financial Market’s Infrastructure

    Get PDF
    The utilization of blockchain technology has gained widespread acceptance across various domains in recent years. Among them, blockchain integration in the financial sector is particularly noteworthy. Blockchain technology offers a range of features that can address various challenges in the financial industry, including decentralization, transparency, enhanced security, and tamper-proofing. Therefore, this thesis aims to investigate the issues that persist in academia and industry and address them through blockchain technology. The research for this thesis was divided into three major stages. The first stage involved conducting an academic survey through a comprehensive literature review. The aim was to identify the pain points that academics have identified and to narrow down the problems that concern the academic community. The second stage involved collecting requirements from industry experts. This helped to identify the real-world issues that currently exist in the financial industry. Based on these issues, the research moved on to the next stage. The third stage involved an experimental study, further divided into two parts. Part 1 involved designing and developing a blockchain-based issuance and trading system for financial products. This system aimed to enhance participant trust, reduce costs, and increase efficiency. Part 2 involved the development of a risk monitoring system for blockchain-based financial products. This system aimed to assist participants in monitoring market risks, providing them with risk warning coefficients, and reducing the probability of systemic risks in the market. The results of this thesis demonstrate that blockchain technology's feasibility and integration can positively impact financial markets from an experimental perspective. It can be helpful to adopt blockchain technology for financial and FinTech industries
    • 

    corecore