275 research outputs found
Denial-of-Service Resistance in Key Establishment
Denial of Service (DoS) attacks are an increasing problem for network connected systems. Key establishment protocols are applications that are particularly vulnerable to DoS attack as they are typically required to perform computationally expensive cryptographic operations in order to authenticate the protocol initiator and to generate the cryptographic keying material that will subsequently be used to secure the communications between initiator and responder. The goal of DoS resistance in key establishment protocols is to ensure that attackers cannot prevent a legitimate initiator and responder deriving cryptographic keys without expending resources beyond a responder-determined threshold. In this work we review the strategies and techniques used to improve resistance to DoS attacks. Three key establishment protocols implementing DoS resistance techniques are critically reviewed and the impact of misapplication of the techniques on DoS resistance is discussed. Recommendations on effectively applying resistance techniques to key establishment protocols are made
Cuttlefish: Expressive Fast Path Blockchains with FastUnlock
Cuttlefish addresses several limitations of existing consensus-less and
consensus-minimized decentralized ledgers, including restricted programmability
and the risk of deadlocked assets. The key insight of Cuttlefish is that
consensus in blockchains is necessary due to contention, rather than multiple
owners of an asset as suggested by prior work. Previous proposals proactively
use consensus to prevent contention from blocking assets, taking a pessimistic
approach. In contrast, Cuttlefish introduces collective objects and multi-owner
transactions that can offer most of the functionality of classic blockchains
when objects transacted on are not under contention. Additionally, in case of
contention, Cuttlefish proposes a novel `Unlock' protocol that significantly
reduces the latency of unblocking contented objects. By leveraging these
features, Cuttlefish implements consensus-less protocols for a broader range of
transactions, including asset swaps and multi-signature transactions, which
were previously believed to require consensus
Maintaining Integrity for Shared Data In Cloud With Ring Signatures
The wild success of cloud data services bring the cloud commonplace for data to be not only stored in the cloud, but also shared across multiple users. Unfortunately, the integrity of cloud data is subject to skepticism due to the existence of hardware/software failures and human errors. Several mechanisms have been designed to allow both data owners and public verifiers to efficiently audit cloud data integrity without retrieving the entire data from the cloud server. However, public auditing on the integrity of shared data with these existing mechanisms will inevitably reveal confidential informationâidentity privacyâto public verifiers. In this paper, we propose a novel privacy-preserving mechanism that supports public auditing on shared data stored in the cloud. In particular, we exploit ring signatures to compute verification metadata needed to audit the correctness of shared data. With our mechanism, the identity of the signer on each block in shared data is kept private from public verifiers, who are able to efficiently verify shared data integrity without retrieving the entire file. In addition, our mechanism is able to perform multiple auditing tasks simultaneously instead of verifying them one by one. Our experimental results demonstrate the effectiveness and efficiency of our mechanism when auditing shared data integrity
Modular Design of KEM-Based Authenticated Key Exchange
A key encapsulation mechanism (KEM) is a basic building block for key exchange which must be combined with long-term keys in order to achieve authenticated key exchange (AKE). Although several KEM-based AKE protocols have been proposed, KEM-based modular building blocks are not available. We provide a KEM-based authenticator and a KEM-based protocol in the Authenticated Links model (AM), in the terminology of Canetti and Krawczyk (2001). Using these building blocks we achieve a set of generic AKE protocols. By instantiating these with post-quantum secure primitives we are able to propose several new post-quantum secure AKE protocols
Utilization Of Ring Signatures To Construct Homomorphic Authenticators In ORUTA To Verify The Integrity of Shared Data
It is practiced for users to influence cloud storage services to contribute to data with others in a group as data sharing develop into a standard feature in most cloud storage offerings including Drop box, iCloud andGoogle Drive. The reliability of data in cloud storage though is matterto scepticism and scrutiny as data stored in the cloud can without problems be lost or corrupted due to the foreseeable hardware/ software failures and human errors. To formulate this substance even worse cloud service providers may be unenthusiastic to inform users about these data errors in order to retain the reputation of their services and shun losing profits. Consequently the veracity of cloud data should be confirmed before any data utilization such as search or computation over cloud data
Securing openHAB Smart Home Through User Authentication and Authorization
Asjade Internet ehk vĂ€rkvĂ”rk on dĂŒnaamiline ja heterogeenne keskkond, kus asjad koguvad erinevate ĂŒlesannete tĂ€itmiseks keskkonnast andmeid. VĂ€rkvĂ”rgu rakendusvaldkondades nagu nĂ€iteks tark kodu kasutatakse harilikult operatsioonide tĂ€itmisel kasutaja privaatandmeid. Kui sellised rakendused on turvamata vĂ”rkudele avatud, muutub turvalisus oluliseks probleemiks. OpenHAB on OSGi-pĂ”hine automatiseerimistarkvara, mis koondab kodukeskkonna seadmete andmeid. OpenHAB ei tee kasutajatele ligipÀÀsu reguleerimismehhanismide kasutamist kohustuslikuks ning sĂ”ltub seega tĂ€ielikult juhtmevaba vĂ”rgu turvalisusest. KĂ€esolevas lĂ”putöös uurisime ning arendasime JSON Web Tokenâi-pĂ”hist tĂ”endi autenturit Eclipse SmartHome platvormile, millel pĂ”hineb ka openHAB. TĂ”endi autentur on baasiks ligipÀÀsu reguleerimismehhanismile. Lisaks esitleme kasutatavat volitusmudelit, mis vĂ”imaldab hallata kasutajate ligipÀÀsuĂ”igusi asjadele. Saavutatud tulemused osutavad, et ligipÀÀsu reguleerimismehhanismide rakendamine servlet-ide ja REST ressursside jaoks openHABi arhitektuuris on teostatav.The Internet of Things (IoT) is a dynamic and heterogenous environment where Things gather data from the real world to perform various tasks. Applications in IoT, such as the smart home, typically use private data derived from its users for its operations. Security becomes a concern when these applications are exposed to insecure networks. OpenHAB is an OSGi-based automation software that integrates the data from devices at home. OpenHAB does not enforce any access control mechanism for its users, and depends solely on the security of the wireless network. In this work, we studied and implemented a JSON Web Token-based authenticator for Eclipse SmartHome, the core of openHAB, as a base for access control mechanisms. Furthermore, we propose a fine-grained, yet usable authorization model to manage access permissions to things among legitimate users. The results obtained show that it is feasible to enforce access control mechanisms for servlet and REST resources in the architecture of openHAB
- âŠ