Denial-of-Service Resistance in Key Establishment

Denial of Service (DoS) attacks are an increasing problem for network connected systems. Key establishment protocols are applications that are particularly vulnerable to DoS attack as they are typically required to perform computationally expensive cryptographic operations in order to authenticate the protocol initiator and to generate the cryptographic keying material that will subsequently be used to secure the communications between initiator and responder. The goal of DoS resistance in key establishment protocols is to ensure that attackers cannot prevent a legitimate initiator and responder deriving cryptographic keys without expending resources beyond a responder-determined threshold. In this work we review the strategies and techniques used to improve resistance to DoS attacks. Three key establishment protocols implementing DoS resistance techniques are critically reviewed and the impact of misapplication of the techniques on DoS resistance is discussed. Recommendations on effectively applying resistance techniques to key establishment protocols are made

Cuttlefish: Expressive Fast Path Blockchains with FastUnlock

Cuttlefish addresses several limitations of existing consensus-less and consensus-minimized decentralized ledgers, including restricted programmability and the risk of deadlocked assets. The key insight of Cuttlefish is that consensus in blockchains is necessary due to contention, rather than multiple owners of an asset as suggested by prior work. Previous proposals proactively use consensus to prevent contention from blocking assets, taking a pessimistic approach. In contrast, Cuttlefish introduces collective objects and multi-owner transactions that can offer most of the functionality of classic blockchains when objects transacted on are not under contention. Additionally, in case of contention, Cuttlefish proposes a novel `Unlock' protocol that significantly reduces the latency of unblocking contented objects. By leveraging these features, Cuttlefish implements consensus-less protocols for a broader range of transactions, including asset swaps and multi-signature transactions, which were previously believed to require consensus

Maintaining Integrity for Shared Data In Cloud With Ring Signatures

The wild success of cloud data services bring the cloud commonplace for data to be not only stored in the cloud, but also shared across multiple users. Unfortunately, the integrity of cloud data is subject to skepticism due to the existence of hardware/software failures and human errors. Several mechanisms have been designed to allow both data owners and public verifiers to efficiently audit cloud data integrity without retrieving the entire data from the cloud server. However, public auditing on the integrity of shared data with these existing mechanisms will inevitably reveal confidential information—identity privacy—to public verifiers. In this paper, we propose a novel privacy-preserving mechanism that supports public auditing on shared data stored in the cloud. In particular, we exploit ring signatures to compute verification metadata needed to audit the correctness of shared data. With our mechanism, the identity of the signer on each block in shared data is kept private from public verifiers, who are able to efficiently verify shared data integrity without retrieving the entire file. In addition, our mechanism is able to perform multiple auditing tasks simultaneously instead of verifying them one by one. Our experimental results demonstrate the effectiveness and efficiency of our mechanism when auditing shared data integrity

Modular Design of KEM-Based Authenticated Key Exchange

A key encapsulation mechanism (KEM) is a basic building block for key exchange which must be combined with long-term keys in order to achieve authenticated key exchange (AKE). Although several KEM-based AKE protocols have been proposed, KEM-based modular building blocks are not available. We provide a KEM-based authenticator and a KEM-based protocol in the Authenticated Links model (AM), in the terminology of Canetti and Krawczyk (2001). Using these building blocks we achieve a set of generic AKE protocols. By instantiating these with post-quantum secure primitives we are able to propose several new post-quantum secure AKE protocols

Utilization Of Ring Signatures To Construct Homomorphic Authenticators In ORUTA To Verify The Integrity of Shared Data

It is practiced for users to influence cloud storage services to contribute to data with others in a group as data sharing develop into a standard feature in most cloud storage offerings including Drop box, iCloud andGoogle Drive. The reliability of data in cloud storage though is matterto scepticism and scrutiny as data stored in the cloud can without problems be lost or corrupted due to the foreseeable hardware/ software failures and human errors. To formulate this substance even worse cloud service providers may be unenthusiastic to inform users about these data errors in order to retain the reputation of their services and shun losing profits. Consequently the veracity of cloud data should be confirmed before any data utilization such as search or computation over cloud data

Securing openHAB Smart Home Through User Authentication and Authorization

Asjade Internet ehk värkvõrk on dünaamiline ja heterogeenne keskkond, kus asjad koguvad erinevate ülesannete täitmiseks keskkonnast andmeid. Värkvõrgu rakendusvaldkondades nagu näiteks tark kodu kasutatakse harilikult operatsioonide täitmisel kasutaja privaatandmeid. Kui sellised rakendused on turvamata võrkudele avatud, muutub turvalisus oluliseks probleemiks. OpenHAB on OSGi-põhine automatiseerimistarkvara, mis koondab kodukeskkonna seadmete andmeid. OpenHAB ei tee kasutajatele ligipääsu reguleerimismehhanismide kasutamist kohustuslikuks ning sõltub seega täielikult juhtmevaba võrgu turvalisusest. Käesolevas lõputöös uurisime ning arendasime JSON Web Token’i-põhist tõendi autenturit Eclipse SmartHome platvormile, millel põhineb ka openHAB. Tõendi autentur on baasiks ligipääsu reguleerimismehhanismile. Lisaks esitleme kasutatavat volitusmudelit, mis võimaldab hallata kasutajate ligipääsuõigusi asjadele. Saavutatud tulemused osutavad, et ligipääsu reguleerimismehhanismide rakendamine servlet-ide ja REST ressursside jaoks openHABi arhitektuuris on teostatav.The Internet of Things (IoT) is a dynamic and heterogenous environment where Things gather data from the real world to perform various tasks. Applications in IoT, such as the smart home, typically use private data derived from its users for its operations. Security becomes a concern when these applications are exposed to insecure networks. OpenHAB is an OSGi-based automation software that integrates the data from devices at home. OpenHAB does not enforce any access control mechanism for its users, and depends solely on the security of the wireless network. In this work, we studied and implemented a JSON Web Token-based authenticator for Eclipse SmartHome, the core of openHAB, as a base for access control mechanisms. Furthermore, we propose a fine-grained, yet usable authorization model to manage access permissions to things among legitimate users. The results obtained show that it is feasible to enforce access control mechanisms for servlet and REST resources in the architecture of openHAB