PPAA: Peer-to-Peer Anonymous Authentication (Extended Version)

In the pursuit of authentication schemes that balance user privacy and accountability, numerous anonymous credential systems have been constructed. However, existing systems assume a client-server architecture in which only the clients, but not the servers, care about their privacy. In peer-to-peer (P2P) systems where both clients and servers are peer users with privacy concerns, no existing system correctly strikes that balance between privacy and accountability. In this paper, we provide this missing piece: a credential system in which peers are {\em pseudonymous} to one another (that is, two who interact more than once can recognize each other via pseudonyms) but are otherwise anonymous and unlinkable across different peers. Such a credential system finds applications in, e.g., Vehicular Ad-hoc Networks (VANets) and P2P networks. We formalize the security requirements of our proposed credential system, provide a construction for it, and prove the security of our construction. Our solution is efficient: its complexities are independent of the number of users in the system

Introducing Accountability to Anonymity Networks

Many anonymous communication (AC) networks rely on routing traffic through proxy nodes to obfuscate the originator of the traffic. Without an accountability mechanism, exit proxy nodes risk sanctions by law enforcement if users commit illegal actions through the AC network. We present BackRef, a generic mechanism for AC networks that provides practical repudiation for the proxy nodes by tracing back the selected outbound traffic to the predecessor node (but not in the forward direction) through a cryptographically verifiable chain. It also provides an option for full (or partial) traceability back to the entry node or even to the corresponding user when all intermediate nodes are cooperating. Moreover, to maintain a good balance between anonymity and accountability, the protocol incorporates whitelist directories at exit proxy nodes. BackRef offers improved deployability over the related work, and introduces a novel concept of pseudonymous signatures that may be of independent interest. We exemplify the utility of BackRef by integrating it into the onion routing (OR) protocol, and examine its deployability by considering several system-level aspects. We also present the security definitions for the BackRef system (namely, anonymity, backward traceability, no forward traceability, and no false accusation) and conduct a formal security analysis of the OR protocol with BackRef using ProVerif, an automated cryptographic protocol verifier, establishing the aforementioned security properties against a strong adversarial model

A multilayer non-repudiation system: a Suite-B approach

&nbsp;Security provisioning is an essential part in the design of any communication systems, which becomes more critical for wireless systems. The consideration and comparisons of security algorithms in various Open Systems Interconnection layers is a difficult task, because there are many performance metrics involved. The aim of this novel research article is to present research results for the design of a wireless system revolving around the practical and low-cost implementation of Suite-B algorithms in different layers. Suite-B, promulgated by the National Security Agency, is a set of cryptographic algorithms, including non-repudiation. The end results include the deployment of Suite-B algorithms at the application, transport, and network layers and the protocol flow at each layer.<br /

nQUIC: Noise-Based QUIC Packet Protection

We present nQUIC, a variant of QUIC-TLS that uses the Noise protocol framework for its key exchange and basis of its packet protector with no semantic transport changes. nQUIC is designed for deployment in systems and for applications that assert trust in raw public keys rather than PKI-based certificate chains. It uses a fixed key exchange algorithm, compromising agility for implementation and verification ease. nQUIC provides mandatory server and optional client authentication, resistance to Key Compromise Impersonation attacks, and forward and future secrecy of traffic key derivation, which makes it favorable to QUIC-TLS for long-lived QUIC connections in comparable applications. We developed two interoperable prototype implementations written in Go and Rust. Experimental results show that nQUIC finishes its handshake in a comparable amount of time as QUIC-TLS

LURK: Server-Controlled TLS Delegation

By design, TLS (Transport Layer Security) is a 2-party, end-to-end protocol. Yet, in practice, TLS delegation is often deployed: that is, middlebox proxies inspect and even modify TLS traffic between the endpoints. Recently, industry-leaders (e.g., Akamai, Cloudflare, Telefonica, Ericcson), standardization bodies (e.g., IETF, ETSI), and academic researchers have proposed numerous ways of achieving safer TLS delegation. We present LURK the LURK (Limited Use of Remote Keys) extension for TLS~1.2, a suite of designs for TLS delegation, where the TLS-server is aware of the middlebox. We implement and test LURK. We also cryptographically prove and formally verify, in Proverif, the security of LURK. Finally, we comprehensively analyze how our designs balance (provable) security and competitive performance

The Pacifican, April 14,1994

https://scholarlycommons.pacific.edu/pacifican/1752/thumbnail.jp

Development of a Drone-Mounted Wireless Attack Platform

The commercial drone market has grown rapidly due to the increasing utility and capabilities of drones. This new found popularity has made it possible for inexpensive drones capable of impressive carry capacities and flight times to reach the consumer market. These new features also offer an invaluable resource to wireless hackers. Capitalizing on their mobility, a wireless hacker can equip a drone with hacking tools to surpass physical security (e.g. fences) with relative ease and reach wireless networks. This research seeks to experimentally evaluate the ability of a drone-mounted wireless attack platform equipped with a directional antenna to conduct wireless attacks effectively at distances greater than 800 meters. To test this hypothesis, the “skypie v2” prototype conducts computer network attacks against a target network and captured data is used to evaluate the effectiveness of the platform. Results showed that capture of a WPA2 handshake was possible at a RSSI of -72 dBm or 2400 meters from a network located in a open field. Additionally, nmap scans were conducted with a RSSI value of -74 dBm or nearly 3000 meters from the target network

Use Of Participatory Apps In Contact Tracing: Options And Implications for Public Health, Privacy and Trust

On December 31st, 2019, the World Health Organisation received a report from the Chinese government detailing a cluster of cases of ‘pneumonia of unknown origin’, later identified as novel coronavirus. The virus, now referred to as COVID-19, quickly spread and was officially declared a global pandemic on March 11th. COVID-19 has put health services under enormous strain globally. Turning to digital methods for collating data on cases, associated symptoms and the routes through which the virus may be spreading has been a common response. Human-powered contact tracing, although resource-intensive, is still considered to be the most effective way of tracking and helping to curtail the spread of infectious diseasesi. Intense efforts are underway to develop digital tools that can augment and automate some of these processes, such as the NHSX app or Singapore’s TraceTogether app, however, these are often beset with technical and privacy-related issues. This report reviews digital approaches that involve citizens as co-actors in efforts to support contact tracing, which may include elements of both location/proximity monitoring and symptom reporting, the latter representing a type of crowdsourced disease surveillance.ii This is approached from the perspectives of public health data needs, privacy-centred architectures, technologies and standards, and digital ethics. The aim is to inform an approach to digital contact tracing that is consistent with Scottish policy around secure, transparent, participatory and privacy-respectful data sharing for health and wellbeing. As such, some of the insights and recommendations are applicable to broader aspects of digital health in Scotland. The report collates expert answers to the following questions: • What are the desirable outcomes arising from the automation of symptom and contact tracing data collection at scale? (Prof Jill Pell, Institute of Health and Wellbeing, University of Glasgow); • How might the distributed system be architected to be secure and respectful of privacy from the outset? (Prof Bill Buchanan, OBE, School of Computing, University of Napier); • What communications standards and methods would best support the approach? (Prof Muhammad Imran, James Watt School of Engineering, University of Glasgow); • What are the ethical challenges and what steps should Scottish Government take to secure public trust? (Prof Claudia Pagliari, Usher Institute, University of Edinburgh

Rise up men of God

https://place.asburyseminary.edu/ecommonsatsdissertations/1056/thumbnail.jp