Security Policy Consistency

With the advent of wide security platforms able to express simultaneously all the policies comprising an organization's global security policy, the problem of inconsistencies within security policies become harder and more relevant. We have defined a tool based on the CHR language which is able to detect several types of inconsistencies within and between security policies and other specifications, namely workflow specifications. Although the problem of security conflicts has been addressed by several authors, to our knowledge none has addressed the general problem of security inconsistencies, on its several definitions and target specifications.Comment: To appear in the first CL2000 workshop on Rule-Based Constraint Reasoning and Programmin

Efficient Error-Propagating Block Chaining

This document presents EPBC, Efficient Error-Propagating Block Chaining, a new and efficient block encryption mode using both plaintext and ciphertext feedback. This encryption mode is similar to another one, IOBC, and was likewise designed to propagate erroneous decryptions of tampered blocks of ciphered data to all following blocks, hence allowing to validate the integrity of that data using a predefined trailing value. However, EPBC is more secure than IOBC, as it is not vulnerable to any known-plaintext attacks, and is more efficient than IOBC. Performance tests ran on a SPARCstation 10/40 show that EPBC is in average 1.2 times faster than IOBC, and 6.3 to 10.9 times faster than a common combination of an encryption mode and a one-way hash function (CBC and MD5)

REVS - A Robust Electronic Voting System

There are many protocols proposed for electronic voting, but only a few of them have prototypes implemented. Usually the prototypes are focused in the characteristics of the protocol and do not handle properly some real world issues, such as fault tolerance. This paper presents REVS, a robust electronic voting system designed for distributed and faulty environments, namely the Internet. The goal of REVS is to be an electronic voting system that accomplishes the desired characteristics of traditional voting systems, such as accuracy, democracy, privacy and verifiability. In addition, REVS deals with failures in real world scenarios, such as machine or communication failures, witch can lead to protocol interruptions. REVS robustness has consequences at three levels: (i) the voting process can be interrupted and recovered without weakening the voting protocol; (ii) it allows a certain degree of failures, with server replication; and (iii) none of the servers conducting the election, by its own or to a certain level of collusion, can corrupt the election outcome

Seguranca em comunicacoes remotas de aplicacoes legadas.

This thesis presents a generic, flexible and comprehensive solution for adding security to remote communications of legacy applications without modifying installed components - hardware, operating system or applications. The proposed solution, named Pes (Privacy Enhanced Sockets), operates at transport level and modifies socket data flows between remote applications. Pes acts by means of wrapping and mediation to replace normal, insecure data flows by other data flows with privacy and integrity control (secure channels). Pes components run at user level in several operating systems, and are easy to update or adapt in order to satisfy specific requirements of applications, users or organizations. This thesis also describes two new cryptographic algorithms - an error propagating block encryption mode and a stream cipher - which optimize the performance and increase the security of Pes. The cipher mode was mainly designed for optimizing integrity control, but it also improves the block cipher security. The stream cipher was designed to produce unique key streams, like one time pads, and to allow a flexible instantiation in order to defeat crypt analysis and balance several operational issues, such as performance, security and memory consumption.Available from Fundacao para a Ciencia e a Tecnologia, Servico de Informacao e Documentacao, Av. D. Carlos I, 126, 1249-074 Lisboa, Portugal / FCT - Fundação para o Ciência e a TecnologiaSIGLEPTPortuga

Timely Classification and Verification of Network Traffic Using Gaussian Mixture Models

Contains fulltext : 219972.pdf (publisher's version ) (Open Access

Internet Voting: Improving Resistance to Malicious Servers in REVS

With the explosive growth and consequent usage of the Internet as a medium to offer new services with increased value, it became possible to develop Internet Voting Systems. So far, several have been proposed but few have been implemented. REVS is an Internet Voting System based on blind signatures designed to tackle some of the real-world problems presented by other systems. The main contribution of our work is to improve the robustness of REVS. This is achieved with a scheme that prevents specific denial of service attacks against protocol participants, which are not easily detected. In particular, we address the problem raised by colluded malicious servers preventing voters from voting and the exhaustion of resources on servers. Then, we present a performance comparison of the solutions proposed against the current REVS protocol