"Water, Water, Every Where": Nuances for a Water Industry Critical Infrastructure Specification Exemplar

The water infrastructure is critical to human life, but little attention has been paid to the nuances of the water industry. Without such attention, evaluating security innovation in this domain without compromising the productivity goals when delivering water services is difficult. This paper proposes four nuances that need to be incorporated into a representative specification exemplar for the water industry; these provided input to the exemplar based on a fictional water company

Undetachable threshold signatures

A major problem of mobile agents is their inability to authenticate transactions in a hostile environment. Users will not wish to equip agents with their private signature keys when the agents may execute on untrusted platforms. Undetachable signatures were introduced to solve this problem by allowing users to equip agents with the means to sign signatures for tightly constrained transactions, using information especially derived from the user private signature key. However, the problem remains that a platform can force an agent to commit to a sub-optimal transaction. In parallel with the work on undetachable signatures, much work has been performed on threshold signature schemes, which allow signing power to be distributed across multiple agents, thereby reducing the trust in a single entity. We combine these notions and introduce the concept of an undetachable threshold signature scheme, which enables constrained signing power to be distributed across multiple agents, thus reducing the necessary trust in single agent platforms. We also provide an RSA-based example of such a scheme based on a combination of Shoup's threshold signature scheme, [7] and Kotzanikolaou et al's undetachable signature scheme, [3]

A Universally Composable Framework for the Privacy of Email Ecosystems

Email communication is amongst the most prominent online activities, and as such, can put sensitive information at risk. It is thus of high importance that internet email applications are designed in a privacy-aware manner and analyzed under a rigorous threat model. The Snowden revelations (2013) suggest that such a model should feature a global adversary, in light of the observational tools available. Furthermore, the fact that protecting metadata can be of equal importance as protecting the communication context implies that end-to-end encryption may be necessary, but it is not sufficient. With this in mind, we utilize the Universal Composability framework [Canetti, 2001] to introduce an expressive cryptographic model for email ``ecosystems\u27\u27 that can formally and precisely capture various well-known privacy notions (unobservability, anonymity, unlinkability, etc.), by parameterizing the amount of leakage an ideal-world adversary (simulator) obtains from the email functionality. Equipped with our framework, we present and analyze the security of two email constructions that follow different directions in terms of the efficiency vs. privacy tradeoff. The first one achieves optimal security (only the online/offline mode of the users is leaked), but it is mainly of theoretical interest; the second one is based on parallel mixing [Golle and Juels, 2004] and is more practical, while it achieves anonymity with respect to users that have similar amount of sending and receiving activity

Java obfuscation with a theoretical basis for building secure mobile agents

Abstract. In this paper we propose novel techniques to obfuscate Java programs for developing secure mobile agent systems. Our obfuscation techniques take advantage of polymorphism and exception mechanism of object-oriented languages and can drastically reduce the precision of points-to analysis of the programs. We show that determining precise points-to analysis in obfuscated programs is NP-hard and the fact provides a theoretical basis for our obfuscation techniques. Furthermore, in this paper we present some empirical experiments, whereby we demonstrate the effectiveness of our approaches

In Cloud We Trust: Risk-Assessment-as-a-Service

Part 1: Full PapersInternational audienceCloud computing is an emerging paradigm that allows adoption of on-demand services in a cost-effective way. Migrating services to the Cloud also means been exposed to new threats and vulnerabilities, thus, resulting in a modified assessment of risk. Assessing risk in the Cloud remains an open research issue, as it requires a given level of trust of the Cloud service provider for providing assessment data and implementing controls. This paper surveys existing knowledge, regarding risk assessment for the Cloud, and highlights the requirements for the design of a cloud-targeted method that is offered as a service, which is also in compliance with the specific characteristics of the Cloud

A Secure Agent-Mediated Payment Protocol

While software agents have been employed in payment protocols, they are largely passive entities, i.e., they participate in the payment protocol but do not make decision. In this paper, we propose an agent-assisted payment protocol called LITESET/A+ that empowers the payment agent (PA) to perform encryption operation for its owner. This is realized by introducing a Trusted Third Party (TTP) in the payment system based on the SET protocol (Secure Electronic Transaction) and a novel signcryption-threshold scheme. In LITESET/A+, the PA and TTP collaborate together to ensure the same level of security as the SET specification. At the same time, with the signcryptionthreshold scheme, the PA is more flexible and autonomous during trading