Matrix powers algorithms for trust evaluation in PKI architectures

This paper deals with the evaluation of trust in public-key infrastructures. Different trust models have been proposed to interconnect the various PKI components in order to propagate the trust between them. In this paper we provide a new polynomial algorithm using linear algebra to assess trust relationships in a network using different trust evaluation schemes. The advantages are twofold: first the use of matrix computations instead of graph algorithms provides an optimized computational solution; second, our algorithm can be used for generic graphs, even in the presence of cycles. Our algorithm is designed to evaluate the trust using all existing (finite) trust paths between entities as a preliminary to any exchanges between PKIs. This can give a precise evaluation of trust, and accelerate for instance cross-certificate validation

BGrep and BDiff: UNIX Tools for High-Level Languages

The rise in high-level languages for system administrators requires us to rethink traditional UNIX tools designed for these older data formats. We propose new block-oriented tools, bgrep and bdiff, operating on syntactic blocks of code rather than the line, the traditional information container of UNIX. Transcending the line number allows us to introduce longitudinal diff, a mode of bdiff that lets us track changes across arbitrary blocks of code. We present a detailed implementation roadmap and evaluation framework for the full version of this paper. In addition we demonstrate how the design of our tools already addresses several real-wold problems faced by network administrators to maintain security policy

Certificate validation in untrusted domains

Authentication is a vital part of establishing secure, online transactions and Public key Infrastructure (PKI) plays a crucial role in this process for a relying party. A PKI certificate provides proof of identity for a subject and it inherits its trustworthiness from the fact that its issuer is a known (trusted) Certification Authority (CA) that vouches for the binding between a public key and a subject's identity. Certificate Policies (CPs) are the regulations recognized by PKI participants and they are used as a basis for the evaluation of the trust embodied in PKI certificates. However, CPs are written in natural language which can lead to ambiguities, spelling errors, and a lack of consistency when describing the policies. This makes it difficult to perform comparison between different CPs. This thesis offers a solution to the problems that arise when there is not a trusted CA to vouch for the trust embodied in a certificate. With the worldwide, increasing number of online transactions over Internet, it has highly desirable to find a method for authenticating subjects in untrusted domains. The process of formalisation for CPs described in this thesis allows their semantics to be described. The formalisation relies on the XML language for describing the structure of the CP and the formalization process passes through three stages with the outcome of the last stage being 27 applicable criteria. These criteria become a tool assisting a relying party to decide the level of trust that he/she can place on a subject certificate. The criteria are applied to the CP of the issuer of the subject certificate. To test their validity, the criteria developed have been examined against the UNCITRAL Model Law for Electronic Signatures and they are able to handle the articles of the UNCITRAL law. Finally, a case study is conducted in order to show the applicability of the criteria. A real CPs have been used to prove their applicability and convergence. This shows that the criteria can handle the correspondence activities defined in a real CPs adequately.EThOS - Electronic Theses Online ServiceKing Abdulaziz UniversityGBUnited Kingdo

An FPGA Software Defined Radio Platform with a High-Level Synthesis Design Flow

International audienceSoftware defined radio (SDR) opens a new door to future Internet of Things with higher degree of designing flexibility in context of wireless system development. Prototyping a remote implementation of wireless protocols on a hardware over the web requires a highly versatile software radio platform along with laid-back designing tools. To this aim, an FPGA-based SDR scheme has been proposed combining Virtex-6 Perseus 6010 platform capabilities and a design flow based on High-Level Synthesis (HLS) tools. A full IEEE 802.15.4 (ZigBee) physical layer has been implemented on the proposed platform from a C-language dataflow specification. All the results have been analyzed to lead to a fair comparison between different design flows. Although the proposed SDR has some designing issues, it shows a noticeable designing potentiality to flexible prototyping of future wireless systems

CERTILOC: Implementation of a spatial-temporal certification service compatible with several localization technologies

The Third International Conference on Availability, Reliability and Security: ARES 2008 (March 4-7, 2008, Barcelona, Spain)Recently researchers are being encouraged to address security and privacy requirements for location information. This work contributes to this area by presenting CERTILOC, a prototype of a spatialtemporal certification service that is interoperable with representative localization technologies (GSM Cell-ID and GPS). Our work is completed with a broad threat analysis on spatial-temporal certification services and an exposition of legal considerations that can be made if used in work scenarios.Publicad

Um novo modelo de infra-estrutura de chaves públicas para uso no Brasil utilizando aplicativos com o código fonte aberto

Dissertação (mestrado) - Universidade Federal de Santa Catarina, Centro Tecnológico. Programa de Pós-Graduação em Ciência da Computação

An ICMetrics Based Lightweight Security Architecture Using Lattice Signcryption

The advent of embedded systems has completely transformed the information landscape. With the explosive growth in the use of interactive real-time technologies, this internet landscape aims to support an even broader range of application domains. The large amount of data that is exchanged by these applications has made them an attractive target for attacks. Thus it is important to employ security mechanisms to protect these systems from attackers. A major challenge facing researchers is the resource constrained nature of these systems, which renders most of the traditional security mechanisms almost useless. In this paper we propose a lightweight ICmetrics based security architecture using lattices. The features of the proposed architecture fulfill both the requirements of security as well as energy efficiency. The proposed architecture provides authentication, confidentiality, non-repudiation and integrity of data. Using the identity information derived from ICmetrics of the device, we further construct a sign cryption scheme based on lattices that makes use of certificate less PKC to achieve the security requirements of the design. This scheme is targeted on resource constrained environments, and can be used widely in applications that require sufficient levels of security with limited resources

Extending the web to support personal network services.

Web browsers are able to access resources hosted anywhere in the world, yet content and features on personal devices remain largely inaccessible. Because of routing, addressing and security issues, web applications are unable to use local sensors, cameras and nearby network devices without resorting to proprietary extensions. Several projects have attempted to overcome these limitations yet none provide a full solution which embraces existing web concepts and scales across multiple devices. This paper describes an improved approach based on a combination of Web Intents for discovery, a custom local naming system and routing provided by the webinos framework. We show that it can be applied to existing services and that improves upon the state of the art in privacy, consistency and flexibility