Universally Composable Security Analysis of TLS---Secure Sessions with Handshake and Record Layer Protocols

We present a security analysis of the complete TLS protocol in the Universal Composable security framework. This analysis evaluates the composition of key exchange functionalities realized by the TLS handshake with the message transmission of the TLS record layer to emulate secure communication sessions and is based on the adaption of the secure channel model from Canetti and Krawczyk to the setting where peer identities are not necessarily known prior the protocol invocation and may remain undisclosed. Our analysis shows that TLS, including the Diffie-Hellman and key transport suites in the uni-directional and bi-directional models of authentication, securely emulates secure communication sessions

Raziel: Private and Verifiable Smart Contracts on Blockchains

Raziel combines secure multi-party computation and proof-carrying code to provide privacy, correctness and verifiability guarantees for smart contracts on blockchains. Effectively solving DAO and Gyges attacks, this paper describes an implementation and presents examples to demonstrate its practical viability (e.g., private and verifiable crowdfundings and investment funds). Additionally, we show how to use Zero-Knowledge Proofs of Proofs (i.e., Proof-Carrying Code certificates) to prove the validity of smart contracts to third parties before their execution without revealing anything else. Finally, we show how miners could get rewarded for generating pre-processing data for secure multi-party computation.Comment: Support: cothority/ByzCoin/OmniLedge

Improving Networking Technology Research and Teaching Environment by Utilizing Virtual Machine and Virtual Network Environment

Työn tavoitteena oli selvittää virtuaalisen tutkimusverkkoyhteyden tarvetta, vaatimuksia ja toteutuskelpoista tuomista tutkijoiden ja muiden tahojen, kuten opiskelijoiden, käyttöön. Virtuaalinen ympäristö oli tarkoitus rakentaa maksutta saatavilla olevien virtuaalikone- ja VPN-asiakasyhteysohjelmistojen varaan ja sen tulisi olla mahdollista asentaa tutkijoiden keskitetysti hallittuihin työasemiin. Lisäksi tutkittiin ratkaisun käyttökohteita, joista tärkeimpänä oli testiverkkoihin yhdistäminen. Ratkaisulle asetettavia vaatimuksia selvitettiin tietoturvapolitiikan, loppukäyttäjien, tietojärjestelmien ylläpidon ja laitteistovaatimusten kannalta. Käyttäjien ja ylläpidon näkemyksiä kyseltiin haastatteluin ja kyselyin. Työn tuloksena saatiin VirtualBox-virtualisointiohjelman ja OpenVPN-ohjelmiston muodostama kokonaisuus, joka mahdollistaa läpinäkyvän VPN-yhteyden ja rajoittamattomat käyttöoikeudet virtuaalikoneen sisällä. Ratkaisu täyttää sille asetetut tavoitteet ja vaatimukset melko hyvin, huonona puolena on sen suorituskyky verrattuna isäntäjärjestelmään.The objective of this thesis was to study the need for virtual research network connection and requirements for bringing an implementation to researchers and other parties, such as students. Virtual environment was intended to be built upon virtual machine and VPN client software that are available free of charge. This environment should be possible to install to workstations by centralized management system. In addition, other applications for the solution was studied, the most important application is connecting to testbed networks. The requirements for the solution were studied from the view-point of security policy, end users, IT administration and hardware. The views of the end users and administrators were studied by a questionnaire and interviews. The result of this thesis is the combination of VirtualBox virtualization software and OpenVPN software. It enables a transparent VPN connection to a virtual machine, for which the user has unrestricted administration level user rights. The solution fulfils the requirements fairly well, the weak point is its performance compared to the host system