12,162 research outputs found
Towards Enhanced Usability of IT Security Mechanisms - How to Design Usable IT Security Mechanisms Using the Example of Email Encryption
Nowadays, advanced security mechanisms exist to protect data, systems, and
networks. Most of these mechanisms are effective, and security experts can
handle them to achieve a sufficient level of security for any given system.
However, most of these systems have not been designed with focus on good
usability for the average end user. Today, the average end user often struggles
with understanding and using security mecha-nisms. Other security mechanisms
are simply annoying for end users. As the overall security of any system is
only as strong as the weakest link in this system, bad usability of IT security
mechanisms may result in operating errors, resulting in inse-cure systems.
Buying decisions of end users may be affected by the usability of security
mechanisms. Hence, software provid-ers may decide to better have no security
mechanism then one with a bad usability. Usability of IT security mechanisms is
one of the most underestimated properties of applications and sys-tems. Even IT
security itself is often only an afterthought. Hence, usability of security
mechanisms is often the after-thought of an afterthought. This paper presents
some guide-lines that should help software developers to improve end user
usability of security-related mechanisms, and analyzes com-mon applications
based on these guidelines. Based on these guidelines, the usability of email
encryption is analyzed and an email encryption solution with increased
usability is presented. The approach is based on an automated key and trust
man-agement. The compliance of the proposed email encryption solution with the
presented guidelines for usable security mechanisms is evaluated
Crypto-Verifying Protocol Implementations in ML
We intend to narrow the gap between concrete
implementations and verified models of cryptographic protocols.
We consider protocols implemented in F#, a variant of ML, and
verified using CryptoVerif, Blanchet's protocol verifier for
computational cryptography.
We experiment with compilers from F# code to CryptoVerif processes,
and from CryptoVerif declarations to F# code.
We present two case studies: an implementation of the Otway-Rees
protocol, and an implementation of a simplified password-based
authentication protocol. In both cases, we obtain concrete security
guarantees for a computational model closely related to
executable code
WiFi Epidemiology: Can Your Neighbors' Router Make Yours Sick?
In densely populated urban areas WiFi routers form a tightly interconnected
proximity network that can be exploited as a substrate for the spreading of
malware able to launch massive fraudulent attack and affect entire urban areas
WiFi networks. In this paper we consider several scenarios for the deployment
of malware that spreads solely over the wireless channel of major urban areas
in the US. We develop an epidemiological model that takes into consideration
prevalent security flaws on these routers. The spread of such a contagion is
simulated on real-world data for geo-referenced wireless routers. We uncover a
major weakness of WiFi networks in that most of the simulated scenarios show
tens of thousands of routers infected in as little time as two weeks, with the
majority of the infections occurring in the first 24 to 48 hours. We indicate
possible containment and prevention measure to limit the eventual harm of such
an attack.Comment: 22 pages, 1 table, 4 figure
Secure Cloud Storage with Client-Side Encryption Using a Trusted Execution Environment
With the evolution of computer systems, the amount of sensitive data to be
stored as well as the number of threats on these data grow up, making the data
confidentiality increasingly important to computer users. Currently, with
devices always connected to the Internet, the use of cloud data storage
services has become practical and common, allowing quick access to such data
wherever the user is. Such practicality brings with it a concern, precisely the
confidentiality of the data which is delivered to third parties for storage. In
the home environment, disk encryption tools have gained special attention from
users, being used on personal computers and also having native options in some
smartphone operating systems. The present work uses the data sealing, feature
provided by the Intel Software Guard Extensions (Intel SGX) technology, for
file encryption. A virtual file system is created in which applications can
store their data, keeping the security guarantees provided by the Intel SGX
technology, before send the data to a storage provider. This way, even if the
storage provider is compromised, the data are safe. To validate the proposal,
the Cryptomator software, which is a free client-side encryption tool for cloud
files, was integrated with an Intel SGX application (enclave) for data sealing.
The results demonstrate that the solution is feasible, in terms of performance
and security, and can be expanded and refined for practical use and integration
with cloud synchronization services
- …