464 research outputs found
Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning
The secret keys of critical network authorities - such as time, name,
certificate, and software update services - represent high-value targets for
hackers, criminals, and spy agencies wishing to use these keys secretly to
compromise other hosts. To protect authorities and their clients proactively
from undetected exploits and misuse, we introduce CoSi, a scalable witness
cosigning protocol ensuring that every authoritative statement is validated and
publicly logged by a diverse group of witnesses before any client will accept
it. A statement S collectively signed by W witnesses assures clients that S has
been seen, and not immediately found erroneous, by those W observers. Even if S
is compromised in a fashion not readily detectable by the witnesses, CoSi still
guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to
risk that the compromise will soon be detected by one of the W witnesses.
Because clients can verify collective signatures efficiently without
communication, CoSi protects clients' privacy, and offers the first
transparency mechanism effective against persistent man-in-the-middle attackers
who control a victim's Internet access, the authority's secret key, and several
witnesses' secret keys. CoSi builds on existing cryptographic multisignature
methods, scaling them to support thousands of witnesses via signature
aggregation over efficient communication trees. A working prototype
demonstrates CoSi in the context of timestamping and logging authorities,
enabling groups of over 8,000 distributed witnesses to cosign authoritative
statements in under two seconds.Comment: 20 pages, 7 figure
Trustchain -- Trustworthy Decentralised Public Key Infrastructure for Digital Credentials
The sharing of public key information is central to the digital credential
security model, but the existing Web PKI with its opaque Certification
Authorities and synthetic attestations serves a very different purpose. We
propose a new approach to decentralised public key infrastructure, designed for
digital identity, in which connections between legal entities that are
represented digitally correspond to genuine, pre-existing relationships between
recognisable institutions. In this scenario, users can judge for themselves the
level of trust they are willing to place in a given chain of attestations. Our
proposal includes a novel mechanism for establishing a root of trust in a
decentralised setting via independently-verifiable timestamping. We also
present a reference implementation built on open networks, protocols and
standards. The system has minimal setup costs and is freely available for any
community to adopt as a digital public good.Comment: 10 pages, 4 figures, presented at the International Conference on AI
and the Digital Economy (CADE 2023), Venice, Italy. Replaces the preprint
version, with minor changes & additions based on reviewers' comment
tauJUpdate: A Temporal Update Language for JSON Data
Time-varying JSON data are being used and exchanged in
various today's application frameworks like IoT platforms, Web services,
cloud computing, online social networks, and mobile systems. However,
in the state-of-the-art of JSON data management, there is neither a
consensual nor a standard language for updating (i.e., inserting, modifying,
and deleting) temporal JSON data, like the TSQL2 or SQL:2016
language for temporal relational data. Moreover, existing JSON-based
NoSQL DBMSs (e.g., MongoDB, Couchbase, CouchDB, OrientDB, and
Riak) and both commercial DBMSs (e.g., IBM DB2 12, Oracle 19c, and
MS SQL Server 2019) and open-source ones (e.g., PostgreSQL 15, and
MySQL 8.0) do not provide any support for maintaining temporal JSON
data. Also in our previously proposed temporal JSON framework, called
tauJSchema, there was no feature for temporal JSON instance update. For
these reasons, we propose in this paper a temporal update language,
named tauJUpdate (Temporal JUpdate), for JSON data in the tauJSchema
environment. We define it as a temporal extension of our previously introduced
non-temporal JSON update language, named JUpdate (JSON
Update). Both the syntax and the semantics of the data modification
operations of JUpdate have been extended to support temporal aspects.
tauJUpdate allows (i) to specify temporal JSON updates in a user-friendly
manner, and (ii) to efficiently execute them
Reviewed Study on Novel Search Mechanism for Web Mining
There are many methodologies for finding patterns in the client's navigation. For instance, acquaints new calculations with retrieve taxonomy of a solitary web webpage from the snap floods of its clients. They have developed a framework to discover how the time influences the client conduct while surfing a web page. That is, they segment the logs of navigation of the clients in various time intervals; and after that they find what time intervals truly meddle with the client conduct
A Framework for Verifying the Fixity of Archived Web Resources
The number of public and private web archives has increased, and we implicitly trust content delivered by these archives. Fixity is checked to ensure that an archived resource has remained unaltered (i.e., fixed) since the time it was captured. Currently, end users do not have the ability to easily verify the fixity of content preserved in web archives. For instance, if a web page is archived in 1999 and replayed in 2019, how do we know that it has not been tampered with during those 20 years? In order for the users of web archives to verify that archived web resources have not been altered, they should have access to fixity information associated with these resources. However, most web archives do not allow accessing fixity information and, more importantly, even if fixity information is available, it is provided by the same archive delivering the resource, not by an independent archive or service.
In this research, we present a framework for establishing and checking the fixity on the playback of archived resources, or mementos. The framework defines an archive-aware hashing function that consists of several guidelines for generating repeatable fixity information on the playback of mementos. These guidelines are results of our 14-month study for identifying and quantifying changes in replayed mementos over time that affect generating repeatable fixity information. Changes on the playback of mementos may be caused by JavaScript, transient errors, inconsistency in the availability of mementos over time, and archive-specific resources. Changes are also caused by transformations in the content of archived resources applied by web archives to appropriately replay these resources in a user’s browser. The study also shows that only 11.55% of mementos always produce the same fixity information after each replay, while about 16.06% of mementos always produce different fixity information after each replay. The remaining 72.39% of mementos produce multiple unique fixity information. We also find that mementos may disappear when web archives move to different domains or archives.
In addition to defining multiple guidelines for generating fixity information, the framework introduces two approaches, Atomic and Block, that can be used to disseminate fixity information to web archives. The main difference between the two approaches is that, in the Atomic approach, the fixity information of each archived web page is stored in a separate file before being disseminated to several on-demand web archives, while in the Block approach, we batch together fixity information of multiple archived pages to a single binary-searchable file before being disseminated to archives. The framework defines the structure of URLs used to publish fixity information on the web and retrieve archived fixity information from web archives. Our framework does not require changes in the current web archiving infrastructure, and it is built based on well-known web archiving standards, such as the Memento protocol. The proposed framework will allow users to generate fixity information on any archived page at any time, preserve the fixity information independently from the archive delivering the archived page, and verify the fixity of the archived page at any time in the future
- …