19,488 research outputs found
To Share or Not to Share in Client-Side Encrypted Clouds
With the advent of cloud computing, a number of cloud providers have arisen
to provide Storage-as-a-Service (SaaS) offerings to both regular consumers and
business organizations. SaaS (different than Software-as-a-Service in this
context) refers to an architectural model in which a cloud provider provides
digital storage on their own infrastructure. Three models exist amongst SaaS
providers for protecting the confidentiality data stored in the cloud: 1) no
encryption (data is stored in plain text), 2) server-side encryption (data is
encrypted once uploaded), and 3) client-side encryption (data is encrypted
prior to upload). This paper seeks to identify weaknesses in the third model,
as it claims to offer 100% user data confidentiality throughout all data
transactions (e.g., upload, download, sharing) through a combination of Network
Traffic Analysis, Source Code Decompilation, and Source Code Disassembly. The
weaknesses we uncovered primarily center around the fact that the cloud
providers we evaluated were each operating in a Certificate Authority capacity
to facilitate data sharing. In this capacity, they assume the role of both
certificate issuer and certificate authorizer as denoted in a Public-Key
Infrastructure (PKI) scheme - which gives them the ability to view user data
contradicting their claims of 100% data confidentiality. We have collated our
analysis and findings in this paper and explore some potential solutions to
address these weaknesses in these sharing methods. The solutions proposed are a
combination of best practices associated with the use of PKI and other
cryptographic primitives generally accepted for protecting the confidentiality
of shared information
Personal Data Security: Divergent Standards in the European Union and the United States
This Note argues that the U.S. Government should discontinue all attempts to establish EES as the de facto encryption standard in the United States because the economic disadvantages associated with widespread implementation of EES outweigh the advantages this advanced data security system provides. Part I discusses the EU\u27s legislative efforts to ensure personal data security and analyzes the evolution of encryption technology in the United States. Part II examines the methods employed by the U.S. Government to establish EES as the de facto U.S. encryption standard. Part III argues that the U.S. Government should terminate its effort to establish EES as the de facto U.S. encryption standard and institute an alternative standard that ensures continued U.S. participation in the international marketplace
Longitude : a privacy-preserving location sharing protocol for mobile applications
Location sharing services are becoming increasingly popular. Although many location sharing services allow users to set up privacy policies to control who can access their location, the use made by service providers remains a source of concern. Ideally, location sharing providers and middleware should not be able to access usersā location data without their consent. In this paper, we propose a new location sharing protocol called Longitude that eases privacy concerns by making it possible to share a userās location data blindly and allowing the user to control who can access her location, when and to what degree of precision. The underlying cryptographic algorithms are designed for GPS-enabled mobile phones. We describe and evaluate our implementation for the Nexus One Android mobile phone
Experimental demonstration of an isotope-sensitive warhead verification technique using nuclear resonance fluorescence
Future nuclear arms reduction efforts will require technologies to verify
that warheads slated for dismantlement are authentic without revealing any
sensitive weapons design information to international inspectors. Despite
several decades of research, no technology has met these requirements
simultaneously. Recent work by Kemp et al. [Kemp RS, Danagoulian A, Macdonald
RR, Vavrek JR (2016) Proc Natl Acad Sci USA 113:8618--8623] has produced a
novel physical cryptographic verification protocol that approaches this treaty
verification problem by exploiting the isotope-specific nature of nuclear
resonance fluorescence (NRF) measurements to verify the authenticity of a
warhead. To protect sensitive information, the NRF signal from the warhead is
convolved with that of an encryption foil that contains key warhead isotopes in
amounts unknown to the inspector. The convolved spectrum from a candidate
warhead is statistically compared against that from an authenticated template
warhead to determine whether the candidate itself is authentic. Here we report
on recent proof-of-concept warhead verification experiments conducted at the
Massachusetts Institute of Technology. Using high-purity germanium (HPGe)
detectors, we measured NRF spectra from the interrogation of proxy 'genuine'
and 'hoax' objects by a 2.52 MeV endpoint bremsstrahlung beam. The observed
differences in NRF intensities near 2.2 MeV indicate that the physical
cryptographic protocol can distinguish between proxy genuine and hoax objects
with high confidence in realistic measurement times.Comment: 38 pages, 19 figures; revised for peer review and copy editing;
addition to SI for realistic scenario projections; minor length reduction for
journal requirement
Performance Considerations for an Embedded Implementation of OMA DRM 2
As digital content services gain importance in the mobile world, Digital
Rights Management (DRM) applications will become a key component of mobile
terminals. This paper examines the effect dedicated hardware macros for
specific cryptographic functions have on the performance of a mobile terminal
that supports version 2 of the open standard for Digital Rights Management
defined by the Open Mobile Alliance (OMA). Following a general description of
the standard, the paper contains a detailed analysis of the cryptographic
operations that have to be carried out before protected content can be
accessed. The combination of this analysis with data on execution times for
specific algorithms realized in hardware and software has made it possible to
build a model which has allowed us to assert that hardware acceleration for
specific cryptographic algorithms can significantly reduce the impact DRM has
on a mobile terminal's processing performance and battery life.Comment: Submitted on behalf of EDAA (http://www.edaa.com/
- ā¦