6 research outputs found
Formal security analysis of registration protocols for interactive systems: a methodology and a case of study
In this work we present and formally analyze CHAT-SRP (CHAos based
Tickets-Secure Registration Protocol), a protocol to provide interactive and
collaborative platforms with a cryptographically robust solution to classical
security issues. Namely, we focus on the secrecy and authenticity properties
while keeping a high usability. In this sense, users are forced to blindly
trust the system administrators and developers. Moreover, as far as we know,
the use of formal methodologies for the verification of security properties of
communication protocols isn't yet a common practice. We propose here a
methodology to fill this gap, i.e., to analyse both the security of the
proposed protocol and the pertinence of the underlying premises. In this
concern, we propose the definition and formal evaluation of a protocol for the
distribution of digital identities. Once distributed, these identities can be
used to verify integrity and source of information. We base our security
analysis on tools for automatic verification of security protocols widely
accepted by the scientific community, and on the principles they are based
upon. In addition, it is assumed perfect cryptographic primitives in order to
focus the analysis on the exchange of protocol messages. The main property of
our protocol is the incorporation of tickets, created using digests of chaos
based nonces (numbers used only once) and users' personal data. Combined with a
multichannel authentication scheme with some previous knowledge, these tickets
provide security during the whole protocol by univocally linking each
registering user with a single request. [..]Comment: 32 pages, 7 figures, 8 listings, 1 tabl
Game Theoretic Resistance to Denial of Service Attacks Using Hidden Difficulty Puzzles
Denial of Service (DoS) vulnerabilities are one of the major concerns in today’s Internet. Client-puzzles offer a good mechanism to defend servers against DoS attacks. In this paper, we introduce the notion of hidden puzzle difficulty, where the attacker cannot determine the difficulty of the puzzle without expending a minimal amount of computational resource. Game theory is used to develop defense mechanisms, which make use of such puzzles. New puzzles that satisfy the requirements of the defense mechanisms have been proposed. We also show that our defense mechanisms are more effective than the ones proposed in the earlier work by Fallah
Minding the Gap: Computing Ethics and the Political Economy of Big Tech
In 1988 Michael Mahoney wrote that “[w]hat is truly revolutionary about the computer will become clear only when computing acquires a proper history, one that ties it to other technologies and thus uncovers the precedents that make its innovations significant” (Mahoney, 1988). Today, over thirty years after this quote was written, we are living right in the middle of the information age and computing technology is constantly transforming modern living in revolutionary ways and in such a high degree that is giving rise to many ethical considerations, dilemmas, and social disruption. To explore the myriad of issues associated with the ethical challenges of computers using the lens of political economy it is important to explore the history and development of computer technology