The ForwardDiffSig scheme for multicast authentication

This paper describes ForwardDiffSig, an efficient scheme for multicast authentication with forward security. This scheme provides source authentication, data integrity, and non-repudiation since it is based on the use of asymmetric cryptography. At the same time, it offers also protection against key exposure as it exploits OptiSum, our optimized implementation of the ISum forward-secure signature scheme. A tradeoff exists in the used keys: Short keys provide speed at the signer, whereas long keys are preferable for long-term non-repudiation. Performance has been evaluated with a custom packet simulator and shows that, by grouping the packets, ForwardDiffSig is efficient in terms of speed even for long keys at the price of a significant signature overhead. Therefore, ForwardDiffSig is fast, exhibits low delay, and provides non-repudiation and protection against key exposure, but has a nonnegligible impact in applications with strict energy or bandwidth constraint

Providing Login and Wi-Fi Access Services With the eIDAS Network: A Practical Approach

The digital identity (or electronic identity) of a person is about being able to prove upon authentication who one is on the Internet, with a certain level of assurance, such as by means of some attributes obtained from a trustworthy Identity Provider. In Europe, the eIDAS Network allows the citizens to authenticate securely with their national credentials and to provide such personal attributes when getting access to Service Providers in a different European country. Although the eIDAS Network is more and more known, its integration with real operational services is still at an initial phase. This paper presents two eIDAS-enabled services, Login with eIDAS and Wi-Fi access with eIDAS , that we have designed, implemented, deployed, and validated at the Politecnico di Torino in Italy. The validation study involved several undergraduate students, who have run the above services with their authentication credentials and platforms and with minimal indications on their usage. The results indicate that the services were beneficial. Several advantages exist both for the users and for the Service Providers, such as resistance to some security attacks and the possibility to adopt the service without prior user registration ( e.g. for short meetings, or in public places). However, some students expressed doubts about exploiting their national eID for Wi-Fi access, mainly in connection with usability and privacy issues. We discuss also these concerns, along with advantages and disadvantages of the proposed services

The ForwardDiffSig scheme for multicast authentication

This paper describes ForwardDiffSig, an efficient scheme for multicast authentication with forward security. This scheme provides source authentication, data integrity, and non-repudiation since it is based on the use of asymmetric cryptography. At the same time, it offers also protection against key exposure as it exploits OptiSum, our optimized implementation of the ISum forward-secure signature scheme. A tradeoff exists in the used keys: Short keys provide speed at the signer, whereas long keys are preferable for long-term non-repudiation. Performance has been evaluated with a custom packet simulator and shows that, by grouping the packets, ForwardDiffSig is efficient in terms of speed even for long keys at the price of a significant signature overhead. Therefore, ForwardDiffSig is fast, exhibits low delay, and provides non-repudiation and protection against key exposure, but has a nonnegligible impact in applications with strict energy or bandwidth constraints

Satellite-derived Time for Enhanced Telecom Networks Synchronization: the ROOT Project

Satellite-derived timing information plays a determinant role in the provisioning of an absolute time reference to telecommunications networks, as well as in a growing set of other critical infrastructures. In light of the stringent requirements in terms of time, frequency, and phase synchronization foreseen in upcoming access network architectures (i.e., 5G), Global Navigation Satellite System (GNSS) receivers are expected to ensure enhanced accuracy and reliability not only in positioning but also in timing. High-end GNSS timing receivers combined with terrestrial cesium clocks and specific transport protocols can indeed satisfy such synchronization requirements by granting sub-nanosecond accuracy. As a drawback, the network infrastructure can be exposed to accidental interferences and intentional cyber-attacks. Within this framework, the ROOT project investigates the effectiveness and robustness of innovative countermeasures to GNSS and cybersecurity threats within a reference network architecture