The Application of Fuzzy Logic Controller to Compute a Trust Level for Mobile Agents in a Smart Home

Agents that travel through many hosts may cause a threat on the security of the visited hosts. Assets, system resources, and the reputation of the host are few possible targets for such an attack. The possibility for multi-hop agents to be malicious is higher compared to the one-hop or two-hop boomerang agents. The travel history is one of the factors that may allow a server to evaluate the trustworthiness of an agent. This paper proposes a technique to define levels of trust for multi-hop agents that are roaming in a smart home environment. These levels of trust are used later to determine actions taken by a host at the arrival of an agent. This technique uses fuzzy logic as a method to calculate levels of trust and to define protective actions in regard to those levels

Towards an Information Theoretic Analysis of Searchable Encryption (Extended Version)

Searchable encryption is a technique that allows a client to store data in encrypted form on a curious server, such that data can be retrieved while leaking a minimal amount of information to the server. Many searchable encryption schemes have been proposed and proved secure in their own computational model. In this paper we propose a generic model for the analysis of searchable encryptions. We then identify the security parameters of searchable encryption schemes and prove information theoretical bounds on the security of the parameters. We argue that perfectly secure searchable encryption schemes cannot be efficient. We classify the seminal schemes in two categories: the schemes that leak information upfront during the storage phase, and schemes that leak some information at every search. This helps designers to choose the right scheme for an application

Timed Analysis of Security Protocols

We propose a method for engineering security protocols that are aware of timing aspects. We study a simplified version of the well-known Needham Schroeder protocol and the complete Yahalom protocol, where timing information allows the study of different attack scenarios. We model check the protocols using UPPAAL. Further, a taxonomy is obtained by studying and categorising protocols from the well known Clark Jacob library and the Security Protocol Open Repository (SPORE) library. Finally, we present some new challenges and threats that arise when considering time in the analysis, by providing a novel protocol that uses time challenges and exposing a timing attack over an implementation of an existing security protocol

Adaptively Secure Computationally Efficient Searchable Symmetric Encryption

Searchable encryption is a technique that allows a client to store documents on a server in encrypted form. Stored documents can be retrieved selectively while revealing as little information as\ud possible to the server. In the symmetric searchable encryption domain, the storage and the retrieval are performed by the same client. Most conventional searchable encryption schemes suffer\ud from two disadvantages.\ud First, searching the stored documents takes time linear in the size of the database, and/or uses heavy arithmetic operations.\ud Secondly, the existing schemes do not consider adaptive attackers;\ud a search-query will reveal information even about documents stored\ud in the future. If they do consider this, it is at a significant\ud cost to updates.\ud In this paper we propose a novel symmetric searchable encryption\ud scheme that offers searching at constant time in the number of\ud unique keywords stored on the server. We present two variants of\ud the basic scheme which differ in the efficiency of search and\ud update. We show how each scheme could be used in a personal health\ud record system

Nonmonotonic Trust Management for P2P Applications

Community decisions about access control in virtual communities are non-monotonic in nature. This means that they cannot be expressed in current, monotonic trust management languages such as the family of Role Based Trust Management languages (RT). To solve this problem we propose RT-, which adds a restricted form of negation to the standard RT language, thus admitting a controlled form of non-monotonicity. The semantics of RT- is discussed and presented in terms of the well-founded semantics for Logic Programs. Finally we discuss how chain discovery can be accomplished for RT-.Comment: This paper appears in the proceedings of the 1st International Workshop on Security and Trust Management (STM 2005). To appear in ENTC

Thinking Outside the Box Turtle: Public Perceptions of an Imperiled Species

Eastern box turtles (Terrapene carolina carolina) experience negative impacts from human activities. Collection for the pet trade or mortalities caused by lawn mowers and vehicles are detrimental to populations, which have experienced rapid decline in Indiana. Understanding perceptions and attitudes held about species can help outreach. This study aims to observe how perceptions and fear response differ between a) genders, b) contact with box turtles, and c) conservation group membership. Mail surveys were administered to 1,378 residents of the Blue River Watershed in Southern Indiana. Respondents rated box turtles on 11 semantic differential pairs and reported their agreement towards a series of Likert-scale questions that measured conservation and fear related attitudes. While fear response was relatively low across groups, women had had a significantly higher fear response (1.71 out of 5) than men (1.53). Women had higher agreement that box turtles are important to the Blue River ecosystem (4.08 vs. 3.77). Respondents who had encountered a box turtle associated box turtles with positive phrases and had higher agreement to ecosystem importance (3.94 vs. 3.39). Members of conservation groups had significantly higher agreement to ecosystem importance (4.25) and approval of government spending on box turtle conservation (3.31) compared to non-members (3.81 and 2.94). There was no correlation between level of fear response and recognition of ecosystem importance. Exposure to box turtles can be a mechanism of instilling positive perceptions of the species. Outreach may not need to address “fearful” perceptions of this species for individuals to still value box turtle conservation

Biochemistry of the erythrocyte Rh polypeptides: a review.

The clinically important Rh blood group system is complex, consisting of multiple distinct antigens. Despite clinical recognition for over 50 years, the Rh blood group antigens have remained poorly understood on a molecular level until the recent identification and characterization of the "Rh polypeptides," the core structural proteins of the Rh antigens. This group of erythrocyte membrane proteins of molecular weight 30,000-35,000 daltons was first recognized by employing Rh-specific antibodies to immunoprecipitate radiolabeled components of erythrocyte membranes. By using antibodies specific for the Rh D, c, and E antigens, a series of highly related non-identical proteins were immunoprecipitated, indicating that the Rh antigens are composed of multiple related proteins. The Rh polypeptides have been purified and characterized, and they were found to have several unusual biochemical characteristics. The Rh polypeptides penetrate the membrane bilayer; they are linked to the underlying membrane skeleton; they are covalently fatty acid acylated with palmitate. While the Rh antigenic reactivity is unique to human erythrocytes, the Rh polypeptides have been isolated from erythrocytes of diverse species and are thought to be fundamental components of all mammalian erythrocyte membranes. The functional role of the Rh polypeptides remains undefined, but a role in the organization of membrane phospholipid is suspected

Trust Level and Routing Selection for Mobile Agents in a Smart Home (Extended version)

The central security concern for systems where agents roam is how to establish trust in the agent. We present a Fuzzy Logic mechanism to calculate a level of trust and an optimal route for a mobile agent system in a smart home. The mechanism consists of two parts. The first part calculates a trust level at the platform side to decide which actions should be allowed by a visiting mobile agent. The second part calculates an optimal route at the mobile agent side to decide an alternative destination in the case of rejection by a platform. Examples are provided from smart home scenarios, showing how flexible the proposed mechanism is

Privacy Enhanced Access Control by Means of Policy Blinding

Traditional techniques of enforcing an access control policy\ud rely on an honest reference monitor to enforce the policy. However, for\ud applications where the resources are sensitive, the access control policy\ud might also be sensitive. As a result, an honest-but-curious reference monitor would glean some interesting information from the requests that it\ud processes. For example if a requestor in a role psychiatrist is granted access to a document, the patient associated with that document probably\ud has a psychiatric problem. The patient would consider this sensitive in-\ud formation, and she might prefer the honest-but-curious reference monitor\ud to remain oblivious of her mental problem.\ud We present a high level framework for querying and enforcing a role\ud based access control policy that identifies where sensitive information\ud might be disclosed. We then propose a construction which enforces a\ud role based access control policy cryptographically, in such a way that the\ud reference monitor learns as little as possible about the policy. (The reference monitor only learns something from repeated queries). We prove\ud the security of our scheme showing that it works in theory, but that it\ud has a practical drawback. However, the practical drawback is common\ud to all cryptographically enforced access policy schemes. We identify several approaches to mitigate the drawback and conclude by arguing that\ud there is an underlying fundamental problem that cannot be solved. We\ud also show why attribute based encryption techniques do not not solve the\ud problem of enforcing policy by an honest but curious reference monitor