1,288 research outputs found
A Security-aware Approach to JXTA-Overlay Primitives
The JXTA-Overlay project is an effort to use JXTA technology
to provide a generic set of functionalities that can be used by developers to deploy P2P applications. Since its design mainly focuses on issues such as scalability or overall performance, it does not take security into account. However, as P2P applications have evolved to fulfill more complex scenarios, security has become a very important aspect to take into account when evaluating a P2P framework. This work proposes a security extension specifically suited to JXTA-Overlay¿s idiosyncrasies, providing an acceptable solution to some of its current shortcomings.El proyecto JXTA-Overlay es un esfuerzo por utilizar la tecnología JXTA para proporcionar un conjunto genérico de funciones que pueden ser utilizadas por los desarrolladores para desplegar aplicaciones P2P. Aunque su diseño se centra principalmente en cuestiones como la escalabilidad y el rendimiento general, no tiene en cuenta la seguridad. Sin embargo, como las aplicaciones P2P se han desarrollado para cumplir con escenarios más complejos, la seguridad se ha convertido en un aspecto muy importante a tener en cuenta a la hora de evaluar un marco P2P. Este artículo propone una extensión de seguridad específicamente adaptada a la idiosincrasia de JXTA-Overlay, proporcionando una solución aceptable para algunas de sus deficiencias actuales.El projecte JXTA-Overlay és un esforç per utilitzar la tecnologia JXTA per proporcionar un conjunt genèric de funcions que poden ser utilitzades pels desenvolupadors per desplegar aplicacions P2P. Tot i que el seu disseny se centra principalment en qüestions com ara la escalabilitat i el rendiment general, no té en compte la seguretat. No obstant això, com que les aplicacions P2P s'han desenvolupat per complir amb escenaris més complexos, la seguretat s'ha convertit en un aspecte molt important a tenir en compte a l'hora d'avaluar un marc P2P. Aquest article proposa una extensió de seguretat específicament adaptada a la idiosincràsia de JXTA-Overlay, proporcionant una solució acceptable per a algunes de les seves deficiències actuals
Options for Securing RTP Sessions
The Real-time Transport Protocol (RTP) is used in a large number of
different application domains and environments. This heterogeneity
implies that different security mechanisms are needed to provide
services such as confidentiality, integrity, and source
authentication of RTP and RTP Control Protocol (RTCP) packets
suitable for the various environments. The range of solutions makes
it difficult for RTP-based application developers to pick the most
suitable mechanism. This document provides an overview of a number
of security solutions for RTP and gives guidance for developers on
how to choose the appropriate security mechanism
Decentralizing Custodial Wallets with MFKDF
The average cryptocurrency user today faces a difficult choice between
centralized custodial wallets, which are notoriously prone to spontaneous
collapse, or cumbersome self-custody solutions, which if not managed properly
can cause a total loss of funds. In this paper, we present a "best of both
worlds" cryptocurrency wallet design that looks like, and inherits the user
experience of, a centralized custodial solution, while in fact being entirely
decentralized in design and implementation. In our design, private keys are not
stored on any device, but are instead derived directly from a user's
authentication factors, such as passwords, soft tokens (e.g., Google
Authenticator), hard tokens (e.g., YubiKey), or out-of-band authentication
(e.g., SMS). Public parameters (salts, one-time pads, etc.) needed to access
the wallet can be safely stored in public view, such as on a public blockchain,
thereby providing strong availability guarantees. Users can then simply "log
in" to their decentralized wallet on any device using standard credentials and
even recover from lost credentials, thereby providing the usability of a
custodial wallet with the trust and security of a decentralized approach
Multi-Factor Key Derivation Function (MFKDF) for Fast, Flexible, Secure, & Practical Key Management
We present the first general construction of a Multi-Factor Key Derivation
Function (MFKDF). Our function expands upon password-based key derivation
functions (PBKDFs) with support for using other popular authentication factors
like TOTP, HOTP, and hardware tokens in the key derivation process. In doing
so, it provides an exponential security improvement over PBKDFs with less than
12 ms of additional computational overhead in a typical web browser. We further
present a threshold MFKDF construction, allowing for client-side key recovery
and reconstitution if a factor is lost. Finally, by "stacking" derived keys, we
provide a means of cryptographically enforcing arbitrarily specific key
derivation policies. The result is a paradigm shift toward direct cryptographic
protection of user data using all available authentication factors, with no
noticeable change to the user experience. We demonstrate the ability of our
solution to not only significantly improve the security of existing systems
implementing PBKDFs, but also to enable new applications where PBKDFs would not
be considered a feasible approach.Comment: To appear in USENIX Security '2
How to grant anonymous access
[EN] In this paper, we propose three protocols to share, among a set of N competing entities, the responsibility to grant anonymous access to a resource. The protocols we propose vary in their settings to take into account central or distributed registration. We prove that any subset of guardian authorities can neither tamper with, nor forge, new access-key tokens. Besides, two of the methods we propose are resistant to the eventual appearance of quantum computers. The protocols we propose permit new approaches for cryptographic applications such as electronic voting or blockchain access.Larriba, AM.; López Rodríguez, D. (2023). How to grant anonymous access. IEEE Transactions on Information Forensics and Security. 18:613-625. https://doi.org/10.1109/TIFS.2022.32265616136251
Recommended from our members
MobileTrust: Secure Knowledge Integration in VANETs
Vehicular Ad hoc NETworks (VANET) are becoming popular due to the emergence of the Internet of Things and ambient intelligence applications. In such networks, secure resource sharing functionality is accomplished by incorporating trust schemes. Current solutions adopt peer-to-peer technologies that can cover the large operational area. However, these systems fail to capture some inherent properties of VANETs, such as fast and ephemeral interaction, making robust trust evaluation of crowdsourcing challenging. In this article, we propose MobileTrust—a hybrid trust-based system for secure resource sharing in VANETs. The proposal is a breakthrough in centralized trust computing that utilizes cloud and upcoming 5G technologies to provide robust trust establishment with global scalability. The ad hoc communication is energy-efficient and protects the system against threats that are not countered by the current settings. To evaluate its performance and effectiveness, MobileTrust is modelled in the SUMO simulator and tested on the traffic features of the small-size German city of Eichstatt. Similar schemes are implemented in the same platform to provide a fair comparison. Moreover, MobileTrust is deployed on a typical embedded system platform and applied on a real smart car installation for monitoring traffic and road-state parameters of an urban application. The proposed system is developed under the EU-founded THREAT-ARREST project, to provide security, privacy, and trust in an intelligent and energy-aware transportation scenario, bringing closer the vision of sustainable circular economy
- …