130 research outputs found
mdTLS: How to Make middlebox-aware TLS more efficient?
The more data transmission over TLS protocol becomes increasingly common in
IT Systems, the more middleboxes are deployed in networks. These middleboxes
have several advantages, however, they become the target of cyber-attacks. Many
researchers proposed revised versions of TLS protocols to make them secure,
however, their approaches had some limitations. In this paper, we propose a
middlebox-delegated TLS (mdTLS) protocol to improve performance based on the
middlebox-aware TLS (maTLS), one of the most secure TLS protocols. We found out
that the computational complexity of mdTLS is about twice as low as that of
maTLS. Furthermore, we formally verified that our proposal meets newly defined
security goals as well as those verified by maTLS. All of the formal models and
lemmas are open to the public through the following URL:
https://github.com/HackProof/mdTLS. Comment: 22 pages, 3 figures, 9 table
Short Selling Attack: A Self-Destructive But Profitable 51% Attack On PoS Blockchains
There have been several 51% attacks on Proof-of-Work (PoW) blockchains recently, including Verge and GameCredits, but the most noteworthy has been the attack that saw hackers make off with up to $18 million after a successful double spend was executed on the Bitcoin Gold network. For this reason, the Proof-of-Stake (PoS) algorithm, which already has advantages of energy efficiency and throughput, is attracting attention as an alternative to the PoW algorithm. With a PoS, the attacker needs to obtain 51% of the cryptocurrency to carry out a 51% attack. But unlike PoW, an attacker in a PoS system is highly discouraged from launching a 51% attack because he would have to risk losing his entire stake amount to do so. Moreover, even if a 51% attack succeeds, the value of PoS-based cryptocurrency will fall, and the attacker with the most stake will eventually lose the most. In this paper, we try to derive the results that go against these conventional myths. Despite the significant depreciation of cryptocurrency, our method can make a profit from a 51% attack on the PoS blockchains using the traditional stock market's short selling (or shorting) concept. Our findings are an example to show that the conventional myth that a destructive attack that destroys the blockchain ecosystem totally will not occur because it is fundamentally unprofitable to the attacker itself may be wrong
Countering Block Withholding Attack Efficiently
Bitcoin, a well-known cryptocurrency, selected Proof-of-Work (PoW) for its security. The PoW mechanism incentivizes participants and deters attacks on the network. Bitcoin seems to have operated a stable distributed network with PoW until now. Researchers found, however, some vulnerabilities in PoW such as selfish mining, block withholding attack, and so on. Especially, after Rosenfeld suggested the block withholding attack and Eyal made this attack practical, many variants and countermeasures have been proposed. Most countermeasures, however, were accompanied by changes in the mining algorithm to make the attack impossible, which lowered the practical adaptability. In this paper, we propose a countermeasure to prevent the block withholding attack effectively. Mining pools can adapt our method without changing their mining environment
Trust-Based Access Control Model from Sociological Approach in Dynamic Online Social Network Environment
There has been an explosive increase in the population of the OSN (online social network) in recent years. The OSN provides users with many opportunities to communicate among friends and family. Further, it facilitates developing new relationships with previously unknown people having similar beliefs or interests. However, the OSN can expose users to adverse effects such as privacy breaches, the disclosing of uncontrolled material, and the disseminating of false information. Traditional access control models such as MAC, DAC, and RBAC are applied to the OSN to address these problems. However, these models are not suitable for the dynamic OSN environment because user behavior in the OSN is unpredictable and static access control imposes a burden on the users to change the access control rules individually. We propose a dynamic trust-based access control for the OSN to address the problems of the traditional static access control. Moreover, we provide novel criteria to evaluate trust factors such as sociological approach and evaluate a method to calculate the dynamic trust values. The proposed method can monitor negative behavior and modify access permission levels dynamically to prevent the indiscriminate disclosure of information
Pooled Mining Makes Selfish Mining Tricky
Bitcoin, the first successful cryptocurrency, uses the blockchain structure and PoW mechanism to generate blocks. PoW makes it difficult for an adversary to control the network until she retains over 50% of the hashrate of the total network. Another cryptocurrency, Ethereum, also uses this mechanism and it has not caused problems before. In PoW research, however, several attack strategies are studied. In this paper, we researched selfish mining in the pooled mining environment and found that pooled mining exposes mining information of the block which the adversary is mining to random miners. Using this leaked information, other miners can exploit the selfish miner. At the same time, the adversary loses revenue compared to when she does honest mining. Because of the existence of our counter method, the adversary with pooled mining cannot do selfish mining easily on Bitcoin or blockchains using PoW
Detective Mining: Selfish Mining Becomes Unrealistic under Mining Pool Environment
One of Bitcoin’s core security guarantees is that, for an attacker to be able to successfully interfere with the Bitcoin network and reverse transactions, they need to control 51% of total hash power. Eyal et al., however, significantly reduce Bitcoin’s security guarantee by introducing another type of attack, called Selfish Mining. The key idea behind selfish mining is for a miner to keep its discovered blocks private, thereby intentionally forking the chain. As a result of a selfish mining attack, even a miner with 25% of the computation power can bias the agreed chain with its blocks. After Eyal's original paper, the concept of selfish mining has been actively studied within the Bitcoin community for several years. This paper studies a fundamental problem regarding the selfish mining strategy under the existence of mining pools. For this, we propose a new attack strategy, called Detective Mining, and show that a selfish mining pool is not profitable anymore when other miners use our strategy
A Weakness in Jung-Paeng-Kim's ID-based Conference Key Distribution Scheme
Very recently, Jung, Paeng and Kim [IEEE Communications Letters,
Vol 8, No 7, pp 446--448, July 2004] have demonstrated the
insecurity of Xu and Tilborg's ID-based conference key
distribution scheme, and in addition, have revised the scheme to
fix the security flaws discovered by them. However, in this paper,
we show that Jung-Paeng-Kim's revised scheme is still insecure
since it is vulnerable to an active attack of colluding
adversaries. We also show that our attack can be easily thwarted
by a simple patch
Security Weakness in a Three-Party Password-Based Key Exchange Protocol Using Weil Pairing
Recently, Wen, Lee, and Hwang proposed a three-party
password-authenticated key exchange protocol making use of the
Weil pairing. The protocol was claimed to be provably secure. But
despite the claim of provable security, the protocol is in fact
insecure in the presence of an active adversary. We demonstrate
this by presenting an attack that completely compromises the
authentication mechanism of the protocol. Consequently, the proof
of security for the protocol is invalidated
A weakness in Sun-Chen-Hwang's three-party key agreement protocols using passwords
Recently, Sun, Chen and Hwang [J. Syst. Software, 75 (2005),
63-68] have proposed two new three-party protocols, one for
password-based authenticated key agreement and one for
verifier-based authenticated key agreement. In this paper, we show
that both of Sun-Chen-Hwang's protocols are insecure against an
active adversary who can intercept messages, start multiple
sessions of a protocol, or otherwise control the communication in
the network. Also, we present a simple solution to the security
problem with the protocols