13,587 research outputs found
User-Relative Names for Globally Connected Personal Devices
Nontechnical users who own increasingly ubiquitous network-enabled personal
devices such as laptops, digital cameras, and smart phones need a simple,
intuitive, and secure way to share information and services between their
devices. User Information Architecture, or UIA, is a novel naming and
peer-to-peer connectivity architecture addressing this need. Users assign UIA
names by "introducing" devices to each other on a common local-area network,
but these names remain securely bound to their target as devices migrate.
Multiple devices owned by the same user, once introduced, automatically merge
their namespaces to form a distributed "personal cluster" that the owner can
access or modify from any of his devices. Instead of requiring users to
allocate globally unique names from a central authority, UIA enables users to
assign their own "user-relative" names both to their own devices and to other
users. With UIA, for example, Alice can always access her iPod from any of her
own personal devices at any location via the name "ipod", and her friend Bob
can access her iPod via a relative name like "ipod.Alice".Comment: 7 pages, 1 figure, 1 tabl
The Web SSO Standard OpenID Connect: In-Depth Formal Security Analysis and Security Guidelines
Web-based single sign-on (SSO) services such as Google Sign-In and Log In
with Paypal are based on the OpenID Connect protocol. This protocol enables
so-called relying parties to delegate user authentication to so-called identity
providers. OpenID Connect is one of the newest and most widely deployed single
sign-on protocols on the web. Despite its importance, it has not received much
attention from security researchers so far, and in particular, has not
undergone any rigorous security analysis.
In this paper, we carry out the first in-depth security analysis of OpenID
Connect. To this end, we use a comprehensive generic model of the web to
develop a detailed formal model of OpenID Connect. Based on this model, we then
precisely formalize and prove central security properties for OpenID Connect,
including authentication, authorization, and session integrity properties.
In our modeling of OpenID Connect, we employ security measures in order to
avoid attacks on OpenID Connect that have been discovered previously and new
attack variants that we document for the first time in this paper. Based on
these security measures, we propose security guidelines for implementors of
OpenID Connect. Our formal analysis demonstrates that these guidelines are in
fact effective and sufficient.Comment: An abridged version appears in CSF 2017. Parts of this work extend
the web model presented in arXiv:1411.7210, arXiv:1403.1866,
arXiv:1508.01719, and arXiv:1601.0122
Portable Tor Router: Easily Enabling Web Privacy for Consumers
On-line privacy is of major public concern. Unfortunately, for the average
consumer, there is no simple mechanism to browse the Internet privately on
multiple devices. Most available Internet privacy mechanisms are either
expensive, not readily available, untrusted, or simply provide trivial
information masking. We propose that the simplest, most effective and
inexpensive way of gaining privacy, without sacrificing unnecessary amounts of
functionality and speed, is to mask the user's IP address while also encrypting
all data. We hypothesized that the Tor protocol is aptly suited to address
these needs. With this in mind we implemented a Tor router using a single board
computer and the open-source Tor protocol code. We found that our proposed
solution was able to meet five of our six goals soon after its implementation:
cost effectiveness, immediacy of privacy, simplicity of use, ease of execution,
and unimpaired functionality. Our final criterion of speed was sacrificed for
greater privacy but it did not fall so low as to impair day-to-day
functionality. With a total cost of roughly $100.00 USD and a speed cap of
around 2 Megabits per second we were able to meet our goal of an affordable,
convenient, and usable solution to increased on-line privacy for the average
consumer.Comment: 6 pages, 5 figures, IEEE ICCE Conferenc
KeyForge: Mitigating Email Breaches with Forward-Forgeable Signatures
Email breaches are commonplace, and they expose a wealth of personal,
business, and political data that may have devastating consequences. The
current email system allows any attacker who gains access to your email to
prove the authenticity of the stolen messages to third parties -- a property
arising from a necessary anti-spam / anti-spoofing protocol called DKIM. This
exacerbates the problem of email breaches by greatly increasing the potential
for attackers to damage the users' reputation, blackmail them, or sell the
stolen information to third parties.
In this paper, we introduce "non-attributable email", which guarantees that a
wide class of adversaries are unable to convince any third party of the
authenticity of stolen emails. We formally define non-attributability, and
present two practical system proposals -- KeyForge and TimeForge -- that
provably achieve non-attributability while maintaining the important protection
against spam and spoofing that is currently provided by DKIM. Moreover, we
implement KeyForge and demonstrate that that scheme is practical, achieving
competitive verification and signing speed while also requiring 42% less
bandwidth per email than RSA2048
- …