3,419 research outputs found
RSA Signatures Under Hardware Restrictions
We would like to compute RSA signatures with the help of a Hardware Security Module (HSM). But what can we do when we want to use a certain public exponent that the HSM does not allow or support? Surprisingly, this scenario comes up in real-world settings such as code-signing of Intel SGX enclaves. Intel SGX enclaves have to be signed in order to execute in release mode, using 3072-bit RSA signature scheme with a particular public exponent. However, we encountered commercial hardware security modules that do not support storing RSA keys corresponding to this exponent.
We ask whether it is possible to overcome such a limitation of an HSM and answer it in the affirmative (under stated assumptions). We show how to convert RSA signatures corresponding to one public exponent, to valid RSA signatures corresponding to another exponent. We define security and show that it is not compromised by the additional public knowledge available to an adversary in this setting
Encryption’s Importance to Economic and Infrastructure Security
Det övergripande syftet med den här avhandlingen var att utreda om network coopetition, samarbete mellan konkurrerande aktörer, kan öka värdeskapandet inom hälso- och sjukvården. Inom hälso- och sjukvården är network coopetition ett ämne som fått liten uppmärksamhet i tidigare studier. För att besvara syftet utvecklades en modell för network coopetition inom hälso- och sjukvården. Modellen applicerades sedan på en del av vårdkedjan för patienter i behov av neurokirurgisk vård. Resultaten från avhandlingen visar att: (1) Förutsättningarna för network coopetition i vårdkedjan för patienter i behov av neurokirurgisk vård är uppfyllda. (2) Det finns exempel på horisontell network coopetition i den studerade vårdkedjan. (3) Det existerar en diskrepans mellan hur aktörerna ser på sitt eget och de andra aktörernas värdeskapande. (4) Värdeskapandet bör utvärderas som ett gemensamt system där hänsyn tas till alla aktörer och utvärderas på process- nivå där hänsyn tas till alla intressenter. Dessa resultat leder fram till den övergripande slutsatsen är att network coopetition bör kunna öka värdeskapandet för högspecialiserade vårdkedjor med en stor andel inomlänspatienter.The overall purpose of this thesis was to investigate whether network coopetition, cooperation between competitive actors, can increase the value creation within the health care system. Within health care, network coopetition is a subject granted little attention in previous research. To fulfil the purpose a model for network coopetition within the health care system was developed. The model was the applied to one part of the chain of care for patients in need of neurosurgery. The results from this thesis show: (1) The conditions for network coopetition in the chain of care for patients in need of neurosurgery are fulfilled. (2) Examples of horizontal network coopetition have been found in the studied chain of care. (3) There is an existing discrepancy between how each actor recognizes its own and the other actors’ value creation. (4) The value creation ought to be evaluated as a common system where all actors are taken into account and at a process level where all stakeholders are considered. These results supports the final conclusion that network coopetition ought to be able to increase the value creation for highly specialized chain of cares with a large share of within-county patients
A Mobile Secure Bluetooth-Enabled Cryptographic Provider
The use of digital X509v3 public key certificates, together with different standards
for secure digital signatures are commonly adopted to establish authentication proofs
between principals, applications and services. One of the robustness characteristics commonly
associated with such mechanisms is the need of hardware-sealed cryptographic
devices, such as Hardware-Security Modules (or HSMs), smart cards or hardware-enabled
tokens or dongles. These devices support internal functions for management and storage
of cryptographic keys, allowing the isolated execution of cryptographic operations, with
the keys or related sensitive parameters never exposed.
The portable devices most widely used are USB-tokens (or security dongles) and internal
ships of smart cards (as it is also the case of citizen cards, banking cards or ticketing
cards). More recently, a new generation of Bluetooth-enabled smart USB dongles appeared,
also suitable to protect cryptographic operations and digital signatures for secure
identity and payment applications. The common characteristic of such devices is to offer
the required support to be used as secure cryptographic providers. Among the advantages
of those portable cryptographic devices is also their portability and ubiquitous use, but,
in consequence, they are also frequently forgotten or even lost. USB-enabled devices imply
the need of readers, not always and not commonly available for generic smartphones
or users working with computing devices. Also, wireless-devices can be specialized or
require a development effort to be used as standard cryptographic providers.
An alternative to mitigate such problems is the possible adoption of conventional
Bluetooth-enabled smartphones, as ubiquitous cryptographic providers to be used, remotely,
by client-side applications running in users’ devices, such as desktop or laptop
computers. However, the use of smartphones for safe storage and management of private
keys and sensitive parameters requires a careful analysis on the adversary model assumptions.
The design options to implement a practical and secure smartphone-enabled
cryptographic solution as a product, also requires the approach and the better use of
the more interesting facilities provided by frameworks, programming environments and
mobile operating systems services.
In this dissertation we addressed the design, development and experimental evaluation
of a secure mobile cryptographic provider, designed as a mobile service provided in a smartphone. The proposed solution is designed for Android-Based smartphones and
supports on-demand Bluetooth-enabled cryptographic operations, including standard
digital signatures. The addressed mobile cryptographic provider can be used by applications
running on Windows-enabled computing devices, requesting digital signatures.
The solution relies on the secure storage of private keys related to X509v3 public certificates
and Android-based secure elements (SEs). With the materialized solution, an
application running in a Windows computing device can request standard digital signatures
of documents, transparently executed remotely by the smartphone regarded as a
standard cryptographic provider
An Outline of Security in Wireless Sensor Networks: Threats, Countermeasures and Implementations
With the expansion of wireless sensor networks (WSNs), the need for securing
the data flow through these networks is increasing. These sensor networks allow
for easy-to-apply and flexible installations which have enabled them to be used
for numerous applications. Due to these properties, they face distinct
information security threats. Security of the data flowing through across
networks provides the researchers with an interesting and intriguing potential
for research. Design of these networks to ensure the protection of data faces
the constraints of limited power and processing resources. We provide the
basics of wireless sensor network security to help the researchers and
engineers in better understanding of this applications field. In this chapter,
we will provide the basics of information security with special emphasis on
WSNs. The chapter will also give an overview of the information security
requirements in these networks. Threats to the security of data in WSNs and
some of their counter measures are also presented
How to Issue a Central Bank Digital Currency
With the emergence of Bitcoin and recently proposed stablecoins from BigTechs, such as Diem (formerly Libra), central banks face growing competition from private actors offering their own digital alternative to physical cash. We do not address the normative question whether a central bank should issue a central bank digital currency (CBDC) or not. Instead, we contribute to the current research debate by showing how a central bank could do so, if desired. We propose a token-based system without distributed ledger technology and show how earlier-deployed, software-only electronic cash can be improved upon to preserve transaction privacy, meet regulatory requirements in a compelling way, and offer a level of quantum-resistant protection against systemic privacy risk. Neither monetary policy nor financial stability would be materially affected because a CBDC with this design would replicate physical cash rather than bank deposits
Keys in the Clouds: Auditable Multi-device Access to Cryptographic Credentials
Personal cryptographic keys are the foundation of many secure services, but
storing these keys securely is a challenge, especially if they are used from
multiple devices. Storing keys in a centralized location, like an
Internet-accessible server, raises serious security concerns (e.g. server
compromise). Hardware-based Trusted Execution Environments (TEEs) are a
well-known solution for protecting sensitive data in untrusted environments,
and are now becoming available on commodity server platforms.
Although the idea of protecting keys using a server-side TEE is
straight-forward, in this paper we validate this approach and show that it
enables new desirable functionality. We describe the design, implementation,
and evaluation of a TEE-based Cloud Key Store (CKS), an online service for
securely generating, storing, and using personal cryptographic keys. Using
remote attestation, users receive strong assurance about the behaviour of the
CKS, and can authenticate themselves using passwords while avoiding typical
risks of password-based authentication like password theft or phishing. In
addition, this design allows users to i) define policy-based access controls
for keys; ii) delegate keys to other CKS users for a specified time and/or a
limited number of uses; and iii) audit all key usages via a secure audit log.
We have implemented a proof of concept CKS using Intel SGX and integrated this
into GnuPG on Linux and OpenKeychain on Android. Our CKS implementation
performs approximately 6,000 signature operations per second on a single
desktop PC. The latency is in the same order of magnitude as using
locally-stored keys, and 20x faster than smart cards.Comment: Extended version of a paper to appear in the 3rd Workshop on
Security, Privacy, and Identity Management in the Cloud (SECPID) 201
How to Issue a Central Bank Digital Currency
With the emergence of Bitcoin and recently proposed stablecoins from
BigTechs, such as Diem (formerly Libra), central banks face growing competition
from private actors offering their own digital alternative to physical cash. We
do not address the normative question whether a central bank should issue a
central bank digital currency (CBDC) or not. Instead, we contribute to the
current research debate by showing how a central bank could do so, if desired.
We propose a token-based system without distributed ledger technology and show
how earlier-deployed, software-only electronic cash can be improved upon to
preserve transaction privacy, meet regulatory requirements in a compelling way,
and offer a level of quantum-resistant protection against systemic privacy
risk. Neither monetary policy nor financial stability would be materially
affected because a CBDC with this design would replicate physical cash rather
than bank deposits.Comment: Swiss National Bank Working Paper3/202
- …