195 research outputs found

    Aggregating and Deploying Network Access Control Policies

    The existence of errors or inconsistencies in the configuration of security components, such as filtering routers and/or firewalls, may lead to weak access control policies -- potentially easy to be evaded by unauthorized parties. We present in this paper a proposal to create, manage, and deploy consistent policies in those components in an efficient way. To do so, we combine two main approaches. The first approach is the use of an aggregation mechanism that yields consistent configurations or signals inconsistencies. Through this mechanism we can fold existing policies of a given system and create a consistent and global set of access control rules -- easy to maintain and manage by using a single syntax. The second approach is the use of a refinement mechanism that guarantees the proper deployment of such a global set of rules into the system, yet free of inconsistencies. Comment: 9 page

    Negotiating and delegating obligations

    In this paper, we describe a security model where users are allowed to control their obligations partially or totally, depending on the security policy. The main motivation of our work is to design more flexible systems that take into account users' requirements in order to avoid obligation violations and therefore sanctions. In our model, users are able to negotiate or delegate their obligations in the case of incapacity to fulfill them. This is an important aspect to be considered, since it is common that, at work or in everyday life, a user may need to negotiate the fulfillment of a given obligation, or also need the help of others to perform a task on his/her behalf. This may be due to several reasons such as absence, vacation, conflict of interest, lack of time, of resource, of competence or simply for the sake of efficiency. In our model, we propose an approach to deal with the negotiation and the delegation of obligations based on the concept of contexts.

    Misconfiguration Management of Network Security Components

    Many companies and organizations use firewalls to control the access to their network infrastructure. Firewalls are network security components which provide means to filter traffic within corporate networks, as well as to police incoming and outcoming interaction with the Internet. For this purpose, it is necessary to configure firewalls with a set of filtering rules. Nevertheless, the existence of errors in a set of filtering rules is very likely to degrade the network security policy. The discovering and removal of these configuration errors is a serious and complex problem to solve. In this paper, we present a set of algorithms for such a management. Our approach is based on the analysis of relationships between the set of filtering rules. Then, a subsequent rewriting of rules will derive from an initial firewall setup -- potentially misconfigured -- to an equivalent one completely free of errors. At the same time, the algorithms will detect useless rules in the initial firewall configuration. Comment: 9 pages, 4 figures, 10 references, 7th International Symposium on System and Information Security (SSI), Sao Paulo, Brazi

    Access and privacy control enforcement in RFID middleware systems: Proposal and implementation on the Fosstrak platform

    Radio Frequency IDentification (RFID) technology offers a new way of automating the identification and storing of information in RFID tags. The emerging opportunities for the use of RFID technology in human centric applications like monitoring and indoor guidance systems indicate how important this topic is in terms of privacy. Holding privacy issues from the early stages of RFID data collection helps to master the data view before translating it into business events and storing it in databases. An RFID middleware is the entity that sits between tag readers and database applications. It is in charge of collecting, filtering and aggregating the requested events from heterogeneous RFID environments. Thus, the system, at this point, is likely to suffer from parameter manipulation and eavesdropping, raising privacy concerns. In this paper, we propose an access and privacy controller module that adds a security level to the RFID middleware standardized by the EPCglobal consortium. We provide a privacy policy-driven model using some enhanced contextual concepts of the extended Role Based Access Control model, namely the purpose, the accuracy and the consent principles. We also use the provisional context to model security rules whose activation depends on the history of previously performed actions. To show the feasibility of our privacy enforcement model, we first provide a proof-of-concept prototype integrated into the middleware of the Fosstrak platform, then evaluate the performance of the integrated module in terms of execution time.

    Medical image integrity control combining digital signature and lossless watermarking

    Enforcing protection of medical content becomes a major issue of computer security. Since medical contents are more and more widely distributed, it is necessary to develop security mechanism to guarantee their confidentiality, integrity and traceability in an autonomous way. In this context, watermarking has been recently proposed as a complementary mechanism for medical data protection. In this paper, we focus on the verification of medical image integrity through the combination of digital signatures with such a technology, and especially with Reversible Watermarking (RW). RW schemes have been proposed for images of sensitive content for which any modification may affect their interpretation. Whence, we compare several recent RW schemes and discuss their potential use in the framework of an integrity control process in application to different sets of medical images issued from three distinct modalities: Magnetic Resonance Images, Positron Emission Tomography and Ultrasound Imaging. Experimental results with respect to two aspects including data hiding capacity and image quality preservation, show different limitations which depend on the watermark approach but also on image modality specificities.

    A service dependency modeling framework for policy-based response enforcement

    The use of dynamic access control policies for threat response adapts local response decisions to high level system constraints. However, security policies are often carefully tightened during system design-time, and the large number of service dependencies in a system architecture makes their dynamic adaptation difficult. The enforcement of a single response rule requires performing multiple configuration changes on multiple services. This paper formally describes a Service Dependency Framework (SDF) in order to assist the response process in selecting the policy enforcement points (PEPs) capable of applying a dynamic response rule. It automatically derives elementary access rules from the generic access control, either allowed or denied by the dynamic response policy, so they can be locally managed by local PEPs. SDF introduces a requires/provides model of service dependencies. It models the service architecture in a modular way, and thus provides both extensibility and reusability of model components. SDF is defined using the Architecture Analysis and Design Language, which provides formal concepts for modeling system architectures. This paper presents a systematic treatment of the dependency model which aims to apply policy rules while minimizing configuration changes and reducing resource consumption.

    Handling Stateful Firewall Anomalies

    Part 4: Access Control. A security policy consists of a set of rules designed to protect an information system. To ensure this protection, the rules must be deployed on security components in a consistent and non-redundant manner. Unfortunately, an empirical approach is often adopted by network administrators, to the detriment of theoretical validation. While the literature on the analysis of configurations of first generation (stateless) firewalls is now rich, this is not the case for second and third generation firewalls, also known as stateful firewalls. In this paper, we address this limitation, and provide solutions to analyze and handle stateful firewall anomalies and misconfiguration.

    KEDGEN2: A key establishment and derivation protocol for EPC Gen2 RFID systems

    The EPC Class-1 Generation-2 (Gen2 for short) is a Radio Frequency IDentification (RFID) technology that is gaining a prominent place in several domains. However, the Gen2 standard lacks verifiable security functionalities. Eavesdropping attacks can, for instance, affect the security of applications based on the Gen2 technology. To address this problem, RFID tags must be equipped with a robust mechanism to authenticate readers before authorising them to access their data. In this paper, we propose a key establishment and derivation protocol, which is applied at both identification phase and those remainder operations requiring security. Our solution is based on a pseudorandom number generator that uses a low computational workload, while ensuring long term secure communication to protect the secrecy of the exchanged data. Mutual authentication of the tag and the sensor and strong notions of secrecy such as forward and backward secrecy are analysed, and we prove formally that after being amended, our protocol is secure with respect to these properties.

    AIS Authentication Using Certificateless Cryptography

    ABSTRACT: The Automatic Identification System (AIS) is a maritime situational awareness system, designed as a collision avoidance tool to increase security at sea. Widely accepted, its data is now used for various applications, from maritime traffic predictions to the environmental effects of noise pollution. However, the AIS has been designed without security in mind and does not embed any authentication strategy. Research has shown how this lack of authentication could lead to disastrous consequences. Authentication AIS is thus an active research field, but the constraints imposed by the AIS network require subtle protocol design and careful use of new cryptographic technologies. This work proposes an authentication scheme for the AIS using the advantages of certificateless cryptography. The scheme is backward-compatible with standard AIS versions. We evaluate the performance and security of our proposed scheme through simulations and theoretical analysis. Our results show that our scheme provides strong security guarantees and efficient performance, making it a promising candidate for authenticating AIS signals in practice.