Automatic analysis of distance bounding protocols
Distance bounding protocols are used by nodes in wireless networks to
calculate upper bounds on their distances to other nodes. However, dishonest
nodes in the network can render the calculations both illegitimate and inaccurate
when they participate in protocol executions. It is important to analyze
protocols for the possibility of such violations. Past efforts to analyze
distance bounding protocols have only been manual. However, automated
approaches are important since they are quite likely to find flaws that manual
approaches cannot, as witnessed in literature for analysis pertaining to key
establishment protocols. In this paper, we use the constraint solver tool to
automatically analyze distance bounding protocols. We first formulate a new
trace property called Secure Distance Bounding (SDB) that protocol executions
must satisfy. We then classify the scenarios in which these protocols can
operate considering the (dis)honesty of nodes and location of the attacker in
the network. Finally, we extend the constraint solver so that it can be used to
test protocols for violations of SDB in these scenarios and illustrate our
technique on some published protocols.
Comment: 22 pages. Appeared in Foundations of Computer Security (affiliated workshop of LICS 2009, Los Angeles, CA).
Informing the Design of Privacy-Empowering Tools for the Connected Home
Connected devices in the home represent a potentially grave new privacy
threat due to their unfettered access to the most personal spaces in people's
lives. Prior work has shown that despite concerns about such devices, people
often lack sufficient awareness, understanding, or means of taking effective
action. To explore the potential for new tools that support such needs directly
we developed Aretha, a privacy assistant technology probe that combines a
network disaggregator, personal tutor, and firewall, to empower end-users with
both the knowledge and mechanisms to control disclosures from their homes. We
deployed Aretha in three households over six weeks, with the aim of
understanding how this combination of capabilities might enable users to gain
awareness of data disclosures by their devices, form educated privacy
preferences, and block unwanted data flows. The probe, with its novel
affordances (and its limitations), prompted users to co-adapt, finding new control
mechanisms and suggesting new approaches to address the challenge of regaining
privacy in the connected home.
Comment: 10 pages, 2 figures. To appear in the Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems (CHI '20).
An Optimal Symmetric Secret Distribution of Star Networks
In this paper, we present a lower bound on secret distribution in a star network. Examples of star communication networks exist in various systems, including sensor networks where there is one base station and several sensors that need to communicate with it. While the previous result had shown the possibility of performing secret distribution in a star network using 2 log n secrets, the lower bound for this problem was unknown. With this motivation, in this paper we derive a tight bound for the number of secrets required for secret distribution in a star network. We show that as n, the number of satellite nodes in the star network, tends to ∞, it suffices to maintain log n + 1/2 log log n + 1 secrets at the center node. However, log n + 1/2 log log n secrets do not suffice. Even in the absence of the constraint n → ∞, we argue that these bounds are reasonably tight, i.e., there are several examples for finite values of n where ⌈log n + 1/2 log log n⌉ secrets do not suffice, although ⌈log n + 1/2 log log n + 1⌉ secrets suffice for virtually all cases of practical interest. We also show that our protocol can provide a tradeoff between internal and external attacks and can reduce the number of secrets in acyclic, planar and fully connected bipartite graphs.
A cross-domain privacy-preserving protocol for cooperative firewall optimization
Firewalls have been widely deployed on the Internet for securing private networks. A firewall checks each incoming or outgoing packet to decide whether to accept or discard the packet based on its policy. Optimizing firewall policies is crucial for improving network performance. Prior work on firewall optimization focuses on either intra-firewall or inter-firewall optimization within one administrative domain, where the privacy of firewall policies is not a concern. This paper explores inter-firewall optimization across administrative domains for the first time. The key technical challenge is that firewall policies cannot be shared across domains, because a firewall policy contains confidential information and even potential security holes that can be exploited by attackers. In this paper, we propose the first cross-domain privacy-preserving cooperative firewall policy optimization protocol. Specifically, for any two adjacent firewalls belonging to two different administrative domains, our protocol can identify in each firewall the rules that can be removed because of the other firewall. The optimization process involves cooperative computation between the two firewalls without either party disclosing its policy to the other. We implemented our protocol and conducted extensive experiments. The results on real firewall policies show that our protocol can remove as many as 49% of the rules in a firewall, whereas the average is 19.4%. The communication cost is less than a few hundred KB. Our protocol incurs no extra online packet processing overhead, and the offline processing time is less than a few hundred seconds.