25 research outputs found

    Extending TLS with KMIP protocol for cloud computing

    © 2016 IEEE. Any information system using encryption tends to have its own key management infrastructure. In practice, we find separate key management systems dedicated to application encryption, database encryption, file encryption, etc. This emergent need for several key management systems and multiple cryptographic algorithms is resolved by the new Key Management Interoperability Protocol (KMIP). This work specifies how KMIP can be included in the Transport Layer Security (TLS) protocol in order to provide additional security features, flexibility, interoperability and authentication, especially in distributed systems like Cloud Computing. Till now, authentication in TLS has been limited to digital certificates and Kerberos. In this paper, we use the Key Management Interoperability Protocol to provide an additional authentication option for TLS, and we reduce handshake latency to 0-RTT for repeated handshakes and 1-RTT for full handshakes. We also specify the KMIP-TLS extension and its formal validation with the AVISPA tool.

    Keynote speech


    SBaaS: Safe Box as a service

    While paperless is a source of tremendous opportunities for companies, it is also a bearer of many new risks. Indeed, externalization of an electronic filing system can expose the company to several vulnerabilities and threats. We propose, in our gSafe (Government Safe) project, a new Cloud service named Safe Box as a service (SBaaS). SBaaS is used for probative value archiving of sensitive documents during a defined period in a secure environment. We propose a layered model that intends to satisfy Cloud user requirements and Cloud security challenges. In this paper we define the technical architecture of the service and its basic components. In addition, we discuss its feasibility using the Hadoop Distributed File System.

    PCM in cloud

    Data security is a core concern of hardware and software implementations. It is impacted not only by network architecture but also by access control mechanisms. In the literature, there are several access control models such as Mandatory Access Control (MAC), Discretionary Access Control (DAC), Role-Based Access Control (RBAC) and the latest one, Usage Control Authorization, oBligation and Condition (UCONabc). We have already introduced Profile centric modeling in previous work. In this paper we focus on profile centric modeling using graph formalism and its implementation using matrices. We already defined the profile as the combination of all possible authorizations, obligations, conditions, roles, etc. and other access parameters like attributes that we can find in a Cloud system. In this paper, we discuss its application, its complexity and its implementation based on the Hadoop Distributed File System and using three matrices (profile definition, profile inheritance and user assignment). Profile centric modeling is an optimum paradigm to define access control policy in a complex distributed and elastic system like cloud computing: Safe Box as a service.

    Profile Centric Model.


    Profile centric modelling


    POSTER: Resistance Analysis of Two AES-Like Against the Boomerang Attack


    Survey on recent trends towards generalized differential and boomerang uniformities


    Digital safe: Secure synchronization of shared files
