10 research outputs found
Insecure by Design: Protocols for Encrypted Phone Calls
Get PDFIt is increasingly clear that existing phone security mechanisms are inadequate and that change is necessary. Instead of protecting phone conversations from eavesdropping, the UK government's proposed voice encryption standard appears to be designed to facilitate undetectable mass surveillance
Options for Securing RTP Sessions
Get PDFThe Real-time Transport Protocol (RTP) is used in a large number of
different application domains and environments. This heterogeneity
implies that different security mechanisms are needed to provide
services such as confidentiality, integrity, and source
authentication of RTP and RTP Control Protocol (RTCP) packets
suitable for the various environments. The range of solutions makes
it difficult for RTP-based application developers to pick the most
suitable mechanism. This document provides an overview of a number
of security solutions for RTP and gives guidance for developers on
how to choose the appropriate security mechanism
How to Survive Identity Management in the Industry 4.0 Era
Get PDFIndustry 4.0 heavily builds on massive deployment of Industrial Internet of Things (IIoT) devices to monitor every aspect of the manufacturing processes. Since the data gathered by these devices impact the output of critical processes, identity management and communications security are critical aspects, which commonly rely on the deployment of X.509 certificates. Nevertheless, the provisioning and management of individual certificates for a high number of IIoT devices involves important challenges. In this paper, we present a solution to improve the management of digital certificates in IIoT environments, which relies on partially delegating the certificate enrolment process to an edge server. However, in order to preserve end-to-end security, private keys are never delegated. Additionally, for the protection of the communications between the edge server and the IIoT devices, an approach based on Identity Based Cryptography is deployed. The proposed solution considers also the issuance of very short-lived certificates, which reduces the risk of using expired or compromised certificates, and avoids the necessity of implementing performance expensive protocols such as Online Certificate Status Protocol (OCSP). The proposed solution has been successfully tested as an efficient identity management solution for IIoT environments in a real industrial environment.This work was supported in part by the Spanish Ministry of Science and Innovation through the National Towards zeRo toUch nEtwork and services for beyond 5G (TRUE-5G) Project under Grant PID2019-108713RB-C53, in part by the European Commission through the Electronic Components and Systems for European Leadership-Joint Undertaking (ECSEL-JU) 2018 Program under the framework of key enabling technologies for safe and autonomous drones' applications (COMP4DRONES) Project under Grant 826610, with the national financing from France, Spain, Italy, The Netherlands, Austria, Czech, Belgium, and Latvia, in part by the Ayudas Cervera para Centros Tecnologicos Grant of the Spanish Centre for the Development of Industrial Technology (CDTI) through the Project EGIDA under Grant CER-20191012, and in part by the Basque Country Government through the Creating Trust in the Industrial Digital Transformation (TRUSTIND) ELKARTEK Program Project under Grant KK-2020/00054
Options for Securing RTP Sessions
Get PDFThe Real-time Transport Protocol (RTP) is used in a large number of
different application domains and environments. This heterogeneity
implies that different security mechanisms are needed to provide
services such as confidentiality, integrity, and source
authentication of RTP and RTP Control Protocol (RTCP) packets
suitable for the various environments. The range of solutions makes
it difficult for RTP-based application developers to pick the most
suitable mechanism. This document provides an overview of a number
of security solutions for RTP and gives guidance for developers on
how to choose the appropriate security mechanism
Identity-Based Higncryption
Get PDFIdentity-based cryptography (IBC) is fundamental to security and privacy protection. Identity-based authenticated encryption (i.e., signcryption) is an important IBC primitive, which has numerous and promising applications. After two decades of research on signcryption,recently a new cryptographic primitive, named higncryption, was proposed. Higncryption can be viewed as privacy-enhanced signcryption, which integrates public key encryption, entity authentication, and identity concealment (which is not achieved in signcryption) into a monolithic primitive. Here, briefly speaking, identity concealment means that the transcript of protocol runs should not leak participants\u27 identity information.
In this work, we propose the first identity-based higncryption (IBHigncryption). The most impressive feature of IBHigncryption, among others, is its simplicity and efficiency. The proposed IBHigncryption scheme is essentially as efficient as the fundamental CCA-secure Boneh-Franklin IBE scheme [18], while offering entity authentication and identity concealment simultaneously. Compared to the identity-based signcryption scheme [11],
which is adopted in the IEEE P1363.3 standard, our IBHigncryption scheme is much simpler, and has significant efficiency advantage in total. Besides, our IBHigncryption enjoys forward ID-privacy, receiver deniability and x-security simultaneously. In addition, the proposed IBHigncryption has a much simpler setup stage with smaller public parameters, which in particular does not have the traditional master public key.
Higncryption is itself one-pass identity-concealed authenticated key exchange without forward security for the receiver. Finally, by applying the transformation from higncryption to identity-concealed authenticated key exchange (CAKE), we get three-pass identity-based CAKE (IB-CAKE) with explicit mutual authentication and strong security (in particular, perfect forward security for both players). Specifically, the IB-CAKE protocol involves the composition of two runs of IBHigncryption, and has the following advantageous features inherited from IBHigncryption: (1) single pairing operation: each player performs only a single pairingoperation; (2) forward ID-privacy; (3) simple setup without master public key; (4) strong resilience to ephemeral state exposure, i.e., x-security; (5) reasonable deniability
ID-based public key cryptographic systems
Get PDFΠ Π°ΡΡΠΌΠΎΡΡΠ΅Π½Ρ ΠΎΡΠΎΠ±Π΅Π½Π½ΠΎΡΡΠΈ ΠΏΡΠ°ΠΊΡΠΈΡΠ΅ΡΠΊΠΎΠ³ΠΎ ΠΏΡΠΈΠΌΠ΅Π½Π΅Π½ΠΈΡ ΠΊΡΠΈΠΏΡΠΎΠ³ΡΠ°ΡΠΈΡΠ΅ΡΠΊΠΈΡ
ΡΠΈΡΡΠ΅ΠΌ Ρ ΠΎΡΠΊΡΡΡΡΠΌΠΈ ΠΊΠ»ΡΡΠ°ΠΌΠΈ Π½Π° ΠΎΡΠ½ΠΎΠ²Π΅ ΠΈΠ΄Π΅Π½ΡΠΈΡΠΈΠΊΠ°ΡΠΎΡΠΎΠ². ΠΡΠ΄Π΅Π»Π΅Π½Ρ ΠΌΠ°ΡΠ΅ΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΈΠ΅ Π·Π°Π΄Π°ΡΠΈ ΠΈ ΠΊΠΎΠ½ΡΡΡΡΠΊΡΠΈΠΈ, ΠΏΡΠΈΠ²Π΅Π΄Π΅Π½Ρ ΠΎΡΠ½ΠΎΠ²Π½ΡΠ΅ ΠΏΠΎΠ΄Ρ
ΠΎΠ΄Ρ ΠΊ ΠΏΠΎΡΡΡΠΎΠ΅Π½ΠΈΡ ΡΠΈΡΡΠ΅ΠΌ ΡΠΈΡΡΠΎΠ²Π°Π½ΠΈΡ, ΡΠΈΡΡΠΎΠ²ΠΎΠΉ ΠΏΠΎΠ΄ΠΏΠΈΡΠΈ, Π°ΡΡΠ΅Π½ΡΠΈΡΠΈΠΊΠ°ΡΠΈΠΈ ΡΡΠΎΡΠΎΠ½ ΠΈ ΠΊΠ»ΡΡΠ΅Π²ΡΡ
ΡΠΈΡΡΠ΅ΠΌ Ρ ΠΎΡΠΊΡΡΡΡΠΌΠΈ ΠΊΠ»ΡΡΠ°ΠΌΠΈ Π½Π° ΠΎΡΠ½ΠΎΠ²Π΅ ΠΈΠ΄Π΅Π½ΡΠΈΡΠΈΠΊΠ°ΡΠΎΡΠΎΠ²
