
    Counterfeiting attacks on block-wise dependent fragile watermarking schemes

    This is the author's version of a work that was submitted/accepted for publication in the following source: Nyeem, Hussain, Boles, Wageeh, & Boyd, Colin (2013) Counterfeiting attacks on block-wise dependent fragile watermarking schemes. In Proceed

    Protocols for Authentication and Key Establishment

    Protocols for authentication and key establishment are the foundation for security of communications. The range and diversity of these protocols is immense, while the properties and vulnerabilities of different protocols can be remarkably subtle.

    Here is a comprehensive and integrated treatment of protocols for authentication and key establishment. It allows researchers and practitioners to quickly access a protocol for their needs and become aware of existing protocols that have been broken in the literature.

    As well as a clear and uniform presentation of the protocols, this book includes a description of all the main attack types and classifies most protocols in terms of their properties and resource requirements. It also includes tutorial material suitable for graduate students

    Cryptography in the cloud : advances and challenges

    Cloud computing is a currently developing revolution in information technology that is disturbing the way that individuals and corporate entities operate while enabling new distributed services that have not existed before. At the foundation of cloud computing is the broader concept of converged infrastructure and shared services. Security is often said to be a major concern of users considering migration to cloud computing. This article examines some of these security concerns and surveys recent research efforts in cryptography to provide new technical mechanisms suitable for the new scenarios of cloud computing. We consider techniques such as homomorphic encryption, searchable encryption, proofs of storage, and proofs of location. These techniques allow cloud computing users to benefit from cloud server processing capabilities while keeping their data encrypted; and to check independently the integrity and location of their data. Overall we are interested in how users may be able to maintain and verify their own security without having to rely on the trust of the cloud provider

    SafeLib: Secure and High-Performance Outsourcing of Network Functions Made Easy

    Outsourcing virtual network functions (VNFs) to third-party service providers, such as public clouds, has become the norm. While outsourcing brings many benefits, including scalability, streamlined management, and lower initial investment, it also introduces security concerns. Due to the lack of trust in the cloud, organizations may opt to protect both their network functions and the traffic flowing through them. To overcome these security challenges, the research community has proposed several solutions. Mainly, these solutions fall into two categories: i) solutions using the cryptographic approach and ii) solutions using a trusted hardware mechanism. This thesis examines the research solutions that aim to overcome the security challenges that come with outsourcing VNFs to a third-party service, provides a detailed analysis of which of these two categories is the better approach, and builds a novel solution that aims to fill the gap left by existing solutions while maintaining a reasonable performance overhead and scalability compared to other solutions. The research contributions of this PhD work are divided into two main parts. First, we make an extensive study of the existing research work that aims to answer the same research questions. After identifying these works, we analyse them, divide them into the two main categories mentioned above, and analyse which of these categories is the better option. We make a more detailed analysis of the solutions that fall into this category and identify the gaps. To be able to build a high-level architecture, we explored existing research works which we can build upon. These works help our solution fill in the gaps left by other existing solutions. The second part of this PhD work was mainly practical work. We developed our solution while performing multiple performance measurements.

    As mentioned above, our solution is built upon libraries/frameworks developed by other researchers and industry, so in order to incorporate such libraries successfully into our solution, the following steps were carried out: i) first, we analysed whether those libraries were compatible with each other, in other words, whether they could be used together; ii) second, we analysed the source code of each of those libraries/frameworks; iii) third, we built our solution while modifying the source code of each library/framework in order to answer our main research question while maintaining a desirable performance overhead; iv) lastly, we built our setup environment for running our solution and carried out several measurement tests. To summarize, the aim of the thesis is to provide a solution that VNF developers can use for developing their VNFs and then securely outsourcing them to a third-party provider. Our solution is divided into two main libraries: i) a library used to develop and securely outsource stateless VNFs, and ii) a library used to develop and securely outsource stateful VNFs. Our analysis shows that our solution significantly reduces the effort needed to develop VNFs by providing a high-level set of APIs. Our solution is shown to provide protection against a wide range of attacks, which is achieved by incorporating Intel SGX, an IPsec tunnel, and some other techniques developed by us and explored later in the thesis. Lastly, our solution provides scalability and a reasonable performance overhead

    An analysis of the RC4 family of stream ciphers against algebraic attacks

    To date, most applications of algebraic analysis and attacks on stream ciphers are on those based on linear feedback shift registers (LFSRs). In this paper, we extend algebraic analysis to non-LFSR based stream ciphers. Specifically, we perform an algebraic analysis on the RC4 family of stream ciphers, an example of stream ciphers based on dynamic tables, and investigate its implications to potential algebraic attacks on the cipher. This is, to our knowledge, the first paper that evaluates the security of RC4 against algebraic attacks through providing a full set of equations that describe the complex word manipulations in the system. For an arbitrary word size, we derive algebraic representations for the three main operations used in RC4, namely state extraction, word addition and state permutation. Equations relating the internal states and keystream of RC4 are then obtained from each component of the cipher based on these algebraic representations, and analysed in terms of their contributions to the security of RC4 against algebraic attacks. Interestingly, it is shown that each of the three main operations contained in the components has its own unique algebraic properties, and when their respective equations are combined, the resulting system becomes infeasible to solve. This results in a high level of security being achieved by RC4 against algebraic attacks. On the other hand, the removal of an operation from the cipher could compromise this security. Experiments on reduced versions of RC4 have been performed, which confirm the validity of our algebraic analysis and the conclusion that the full RC4 stream cipher seems to be immune to algebraic attacks at present

    Certificateless key agreement in the standard model

    We show how to construct a certificateless key agreement protocol from the certificateless key encapsulation mechanism introduced by \cite{lippold-ICISC_2009} in ICISC 2009 using the \cite{DBLP:conf/acisp/BoydCNP08} protocol from ACISP 2008. We introduce the Canetti-Krawczyk (CK) model for certificateless cryptography, give security notions for Type I and Type II adversaries in the CK model, and highlight the differences to the existing e^2CK model discussed by \cite{DBLP:conf/pairing/LippoldBN09}. The resulting CK model is more relaxed, thus giving more power to the adversary than the original CK model

    Information sharing in the 21st century : progress and challenges

    With the increasing threat of cyber and other attacks on critical infrastructure, governments throughout the world have been organizing industry to share information on possible threats. In Australia, the Office of the Attorney General has formed Trusted Information Sharing Networks (TISN) for the various critical industries such as banking and electricity. Currently, the majority of information for a TISN is shared at physical meetings. To meet cyber threats, there are clearly limitations to physical meetings. Many of these limitations can be overcome by the creation of a virtual information sharing network (VISN). However, there are many challenges to overcome in the design of a VISN, both from a policy and a technical viewpoint. We shall discuss some of these challenges in this talk

    Multi-factor password-authenticated key exchange

    We consider a new form of authenticated key exchange which we call multi-factor password-authenticated key exchange, where session establishment depends on successful authentication of multiple short secrets that are complementary in nature, such as a long-term password and a one-time response, allowing the client and server to be mutually assured of each other's identity without directly disclosing private information to the other party.

    Multi-factor authentication can provide an enhanced level of assurance in higher-security scenarios such as online banking, virtual private network access, and physical access because a multi-factor protocol is designed to remain secure even if all but one of the factors has been compromised.

    We introduce a security model for multi-factor password-authenticated key exchange protocols, propose an efficient and secure protocol called MFPAK, and provide a security argument to show that our protocol is secure in this model. Our security model is an extension of the Bellare-Pointcheval-Rogaway security model for password-authenticated key exchange and accommodates an arbitrary number of symmetric and asymmetric authentication factors

    Automated proofs of computational indistinguishability

    We present a tool for automatic analysis of computational indistinguishability between two strings of information. This is designed as a generic tool for proving cryptographic security based on a formalism that provides computational soundness preservation. The tool has been implemented and tested successfully with several cryptographic schemes.