159,640 research outputs found
Tests for Establishing Security Properties
Ensuring strong security properties in some cases requires participants to carry out tests during the execution of a protocol. A classical example is electronic voting: participants are required to verify the presence of their ballots on a bulletin board, and to verify the computation of the election outcome. The notion of certificate transparency is another example, in which participants in the protocol are required to perform tests to verify the integrity of a certificate log.
We present a framework for modelling systems with such `testable properties', using the applied pi calculus. We model the tests that are made by participants in order to obtain the security properties. Underlying our work is an attacker model called ``malicious but cautious'', which lies in between the Dolev-Yao model and the ``honest but curious'' model. The malicious-but-cautious model is appropriate for cloud computing providers that are potentially malicious but are assumed to be cautious about launching attacks that might cause user tests to fail
Formal security analysis of registration protocols for interactive systems: a methodology and a case of study
In this work we present and formally analyze CHAT-SRP (CHAos based
Tickets-Secure Registration Protocol), a protocol to provide interactive and
collaborative platforms with a cryptographically robust solution to classical
security issues. Namely, we focus on the secrecy and authenticity properties
while keeping a high usability. In this sense, users are forced to blindly
trust the system administrators and developers. Moreover, as far as we know,
the use of formal methodologies for the verification of security properties of
communication protocols isn't yet a common practice. We propose here a
methodology to fill this gap, i.e., to analyse both the security of the
proposed protocol and the pertinence of the underlying premises. In this
concern, we propose the definition and formal evaluation of a protocol for the
distribution of digital identities. Once distributed, these identities can be
used to verify integrity and source of information. We base our security
analysis on tools for automatic verification of security protocols widely
accepted by the scientific community, and on the principles they are based
upon. In addition, it is assumed perfect cryptographic primitives in order to
focus the analysis on the exchange of protocol messages. The main property of
our protocol is the incorporation of tickets, created using digests of chaos
based nonces (numbers used only once) and users' personal data. Combined with a
multichannel authentication scheme with some previous knowledge, these tickets
provide security during the whole protocol by univocally linking each
registering user with a single request. [..]Comment: 32 pages, 7 figures, 8 listings, 1 tabl
DTKI: a new formalized PKI with no trusted parties
The security of public key validation protocols for web-based applications
has recently attracted attention because of weaknesses in the certificate
authority model, and consequent attacks.
Recent proposals using public logs have succeeded in making certificate
management more transparent and verifiable. However, those proposals involve a
fixed set of authorities. This means an oligopoly is created. Another problem
with current log-based system is their heavy reliance on trusted parties that
monitor the logs.
We propose a distributed transparent key infrastructure (DTKI), which greatly
reduces the oligopoly of service providers and allows verification of the
behaviour of trusted parties. In addition, this paper formalises the public log
data structure and provides a formal analysis of the security that DTKI
guarantees.Comment: 19 page
Recommended from our members
LEE: LightâWeight EnergyâEfficient encryption algorithm for sensor networks
Data confidentiality in wireless sensor networks is mainly achieved by RC5 and Skipjack encryption algorithms. However, both algorithms have their weaknesses, for example RC5 supports variable-bit rotations, which are computationally expensive operations and Skipjack uses a key length of 80-bits, which is subject to brute force attack. In this paper we introduce a light-weight energy- fficient encryption-algorithm (LEE) for tiny embedded devices, such as sensor network nodes. We present experimental results of LEE under real sensor nodes operating in TinyOS. We also discuss the secrecy of our algorithm by presenting a security analysis of various tests and cryptanalytic attacks
The Role of Evidence in Establishing Trust in Repositories
This article arises from work by the Digital Curation Centre (DCC) Working Group examining mechanisms to roll out audit and certification services for digital repositories in the United Kingdom. Our attempt to develop a program for applying audit and certification processes and tools took as its starting point the RLG-NARA Audit Checklist for Certifying Digital Repositories. Our intention was to appraise critically the checklist and conceive a means of applying its mechanics within a diverse range of repository environments. We were struck by the realization that while a great deal of effort has been invested in determining the characteristics of a 'trusted digital repository', far less effort has concentrated on the ways in which the presence of the attributes can be demonstrated and their qualities measured. With this in mind we sought to explore the role of evidence within the certification process, and to identify examples of the types of evidence (e.g., documentary, observational, and testimonial) that might be desirable during the course of a repository audit.
Peer-to-Peer Communication Across Network Address Translators
Network Address Translation (NAT) causes well-known difficulties for
peer-to-peer (P2P) communication, since the peers involved may not be reachable
at any globally valid IP address. Several NAT traversal techniques are known,
but their documentation is slim, and data about their robustness or relative
merits is slimmer. This paper documents and analyzes one of the simplest but
most robust and practical NAT traversal techniques, commonly known as "hole
punching." Hole punching is moderately well-understood for UDP communication,
but we show how it can be reliably used to set up peer-to-peer TCP streams as
well. After gathering data on the reliability of this technique on a wide
variety of deployed NATs, we find that about 82% of the NATs tested support
hole punching for UDP, and about 64% support hole punching for TCP streams. As
NAT vendors become increasingly conscious of the needs of important P2P
applications such as Voice over IP and online gaming protocols, support for
hole punching is likely to increase in the future.Comment: 8 figures, 1 tabl
Quantitative analysis of the leakage of confidential data
Basic information theory is used to analyse the amount of confidential information which may be leaked by programs written in a very simple imperative language. In particular, a detailed analysis is given of the possible leakage due to equality tests and if statements. The analysis is presented as a set of syntax-directed inference rules and can readily be automated
- âŠ