Property Based Broadcast Encryption in the Face of Broadcasts
|
|
- Cory Barrett
- 3 years ago
- Views:
Transcription
1 Property-Based Broadcast Encryption for Multi-level Security Policies André Adelsbach, Ulrich Huber, and Ahmad-Reza Sadeghi Horst Görtz Institute for IT Security, Ruhr Universität Bochum, Germany Eighth International Conference on Information Security and Cryptology (ICISC 2005) Seoul, December 1, 2005
2 Multi-level security allows the system designer to limit the adversary s success to the amount of resources deployed in the attack AN EXAMPLE: MULTI-LEVEL SECURITY IN THE FACE OF VARYING PROTECTION LEVELS ILLUSTRATIVE One level of security Multi-level security Same asset, but two locks with different protection levels Adversary s strategy: break weaker lock Less valuable asset behind weaker lock Adversary s effort grows with desired value to be acquired 1
3 In a flexible content distribution model, the content providers should be able to base their access decision on the devices properties ACCESS DECISION FOR A BROADCAST EMISSION BASED ON ARBITRARY PROPERTIES OF DEVICES EXAMPLE Property 1: Region Property 2: Interface Allowed devices A Analog interface (no software patch*) Disallowed devices Content provider s access decision: only devices In region A With analog interface Digital interface (or software patch possible) l * Or at least no malicious patch, prevented by, e.g., proprietary software. 2
4 We can represent properties in a tree structure, whose leaves are the property configurations REPRESENTATION OF PROPERTIES AND PROPERTY CONFIGURATIONS IN A TREE STRUCTURE EXAMPLE Property Value Region North South Interface Analog Digital Analog Digital Data format MPEG CD MPEG CD MPEG CD MPEG CD Configuration Property configuration 4 := (North, Digital, CD) 3
5 If we choose a straightforward approach for mapping devices with a specific property configuration to devices in a tree-based broadcast encryption scheme, we cannot find an efficient cover A STRAIGHTFORWARD APPROACH FOR MAPPING CONFIGURATIONS TO BROADCAST TREES: ASSIGNMENT TO LEAVES IN ASCENDING ORDER Example: Configuration # of devices EXAMPLE No exclusive common ancestor Several nodes required to cover a configuration Devices Configuration
6 By mapping property configurations to the nodes of a special tree level, we find an efficient cover, but have to distribute unnecessarily many keys to devices AN IMPROVED APPROACH: ASSIGNMENT OF CONFIGURATIONS TO THE NODES OF A SPECIAL TREE LEVEL Assigned leaf Unassigned leaf Configuration level Device Configuration
7 We propose to cut the tree at the special level and generate a configuration tree at the top as well as a forest of device trees at the bottom, where we allow individual tree heights PROPOSED SOLUTION: SEPARATION OF THE SUBTREES BELOW CONFIGURATION NODES AND VARYING HEIGHT OF SUBTREES Assigned leaf Unassigned leaf Configuration tree Device trees Reduced height 6
8 The implantation of pseudo-random chains into the lowest level of the configuration tree induces a hierarchy, allowing superior configurations to descend (go to the left) to inferior configurations INTRODUCTION OF A HIERARCHICAL PROPERTY INTO THE CONFIGURATION TREE BY IMPLANTING PSEUDO-RANDOM CHAINS Increasing hierarchy Pseudo-random chain Regular property Hierarchical property Configuration Configuration 7 has access to content of configurations 5 and 6 7
9 We can interpret the pseudo-random chains as one-way doors, leading to rooms with lower protection INTERPRETATION OF THE PSEUDO-RANDOM CHAINS AS ONE-WAY DOORS Multi-level security with implanted hierarchies One-way door Very weak lock Weak lock Strong lock Very strong lock Implications Value of assets grows with lock strength Single key allows access to all lowerlevel rooms Applications: pay TV, CD/DVD distribution, file encryption, online subscriptions 8
10 Although we can easily embed the pseudo-random chain, its semantics need to be thoroughly enforced during revocation, encryption and decryption SOME TECHNICAL DETAILS OF THE SCHEME 1. Implantation of pseudo-random chains using labels: sk C inf PRCG non-intact C K δ ( PRCG ( label ) 2. Declaration of configuration c k as non-intact: C covered non-intact MostInferior L sup { } Inferior( ) c k c k 3. Encryption with properties and revocation information: disallowed ( C ( C C non-intact ) Provider Center 4. Decryption in three possible ways: c k C covered c k Superior covered allowed non-intact ( C ) ( c ( C C ) k 1 PRCG: pseudo-random chain generator, sk: secret key, inf/sup: inferior/superior configuration, 9
11 By embedding properties including one hierarchical property into a broadcast encryption tree, the proposed solution is more efficient than existing schemes in the hierarchical setting, but still as secure SUMMARY AND RESULT OF THE PROPOSED SOLUTION Summary Encoding of properties into the top of an existing broadcast tree Separation of property-related tree levels from device-related tree levels Configuration tree Device trees Implantation of pseudo-random chains and modification of revocation, encryption and decryption algorithms Result Reduction of message header length in hierarchical setting*: c log 2 ( l) Same security (IND-CCA1) as existing tree-based schemes, e.g., Subset Difference scheme proposed by Naor, Naor and Lotspiech Assumption: availability of cryptographically secure pseudo-random generators * l: number of hierarchy levels, c: small constant, e.g., c = 1 compared to Complete Subtree scheme and c = 2 compared to Subset Difference scheme proposed by Naor, Naor and Lotspiech 10
12 You can reach the authors at the Horst Görtz Institute for IT Security CONTACT TO THE AUTHORS André Adelsbach Ulrich Huber Ahmad-Reza Sadeghi Horst Görtz Institute for IT Security Ruhr Universität Bochum Universitätsstraße Bochum GERMANY Website: 11
Secure Software Delivery and Installation in Embedded Systems
Secure Software Delivery and Installation in Embedded Systems André Adelsbach, Ulrich Huber, Ahmad-Reza Sadeghi Horst-Görtz-Institute, Bochum, Germany ISPEC 2005 Presentation Singapore, April 13, 2005
More informationEmbedding Trust into Cars Secure Software Delivery and Installation
Embedding Trust into Cars Secure Software Delivery and Installation André Adelsbach, Ulrich Huber, Ahmad-Reza Sadeghi, Christian Stüble Horst Görtz Institute for IT Security, Bochum, Germany Third Workshop
More informationKey Management Schemes for Stateless Receivers Based on Time Varying Heterogeneous Logical Key Hierarchy
Key Management Schemes for Stateless Receivers Based on Time Varying Heterogeneous Logical Key Hierarchy Miodrag J. Mihaljević Mathematical Institute, Serbian Academy of Sciences and Arts Kneza Mihaila
More informationSecure Data Management in Trusted Computing
1 Secure Data Management in Trusted Computing Ulrich Kühn Deutsche Telekom Laboratories, TU Berlin Klaus Kursawe (KU Leuven) Stefan Lucks (U Mannheim) Ahmad-Reza Sadeghi (RU Bochum) Christian Stüble (RU
More informationThe LSD Broadcast Encryption Scheme
The LSD Broadcast Encryption Scheme Dani Halevy and Adi Shamir Applied Math. Dept. The Weizmann Institute of Science Rehovot 76100, Israel {danih,shamir}@wisdom.weizmann.ac.il Abstract. Broadcast Encryption
More informationSecure Role-Based Access Control on Encrypted Data in Cloud Storage using Raspberry PI
Volume: 2, Issue: 7, 20-27 July 2015 www.allsubjectjournal.com e-issn: 2349-4182 p-issn: 2349-5979 Impact Factor: 3.762 Miss Rohini Vidhate Savitribai Phule Pune University. Mr. V. D. Shinde Savitribai
More informationSecure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment
Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment Chih Hung Wang Computer Science and Information Engineering National Chiayi University Chiayi City 60004,
More informationPatterns for Secure Boot and Secure Storage in Computer Systems
Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de
More informationIdentity-based Encryption with Post-Challenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks
Identity-based Encryption with Post-Challenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks Tsz Hon Yuen - Huawei, Singapore Ye Zhang - Pennsylvania State University, USA Siu Ming
More informationFast Digital Identity Revocation. e-mail: lodha@paul.rutgers.edu. Part of this work was done while this
Fast Digital Identity Revocation èextended Abstractè William Aiello 1 Sachin Lodha 2 Rafail Ostrovsky 3 1 Bell Communications Research, email: aiello@bellcore.com 2 Rutgers University Computer Science
More informationChapter 23. Database Security. Security Issues. Database Security
Chapter 23 Database Security Security Issues Legal and ethical issues Policy issues System-related issues The need to identify multiple security levels 2 Database Security A DBMS typically includes a database
More informationA refined architecture for DRM
A refined architecture for DRM Koen Buyens Sam Michiels Wouter Joosen Report CW 450, June 2006 nkatholieke Universiteit Leuven Department of Computer Science Celestijnenlaan 200A B-3001 Heverlee (Belgium)
More informationSP 800-130 A Framework for Designing Cryptographic Key Management Systems. 5/25/2012 Lunch and Learn Scott Shorter
SP 800-130 A Framework for Designing Cryptographic Key Management Systems 5/25/2012 Lunch and Learn Scott Shorter Topics Follows the Sections of SP 800-130 draft 2: Introduction Framework Basics Goals
More informationkeep your Passwords secure!
keep your Passwords secure! architectures for secure identity ManageMent: a bottom View Secure Identity Management is is a a key key aspect for corporate security. It It comprises modern technical solutions
More informationPatient Controlled Encryption: Ensuring Privacy of Electronic Medical Records
Patient Controlled Encryption: Ensuring Privacy of Electronic Medical Records Josh Benaloh, Melissa Chase, Eric Horvitz, and Kristin Lauter Microsoft Research Redmond, WA, USA {benaloh,melissac,horvitz,klauter}@microsoft.com
More informationSecuring LAN Connected Devices in Industrial Sites with TLS and Multicast DNS
Securing LAN Connected Devices in Industrial Sites with TLS and Multicast DNS Tero Keski-Valkama May 28, 2015 Version 1.0 Abstract This whitepaper outlines a more flexible and more secure user interface
More informationAn Efficient Key Management Scheme for Secure Data Access Control in Wireless Broadcast Services
IJCSNS International Journal of Computer Science and Network Security, VOL.12 No.10, October 2012 123 An Efficient Key Management Scheme for Secure Data Access Control in Wireless Broadcast Services K.V.Rajesh,
More informationA Secure Decentralized Access Control Scheme for Data stored in Clouds
A Secure Decentralized Access Control Scheme for Data stored in Clouds Priyanka Palekar 1, Abhijeet Bharate 2, Nisar Anjum 3 1 SKNSITS, University of Pune 2 SKNSITS, University of Pune 3 SKNSITS, University
More informationConfiguring CQ Security
Configuring CQ Security About Me CQ Architect for Inside Solutions http://inside-solutions.ch CQ Blog: http://cqblog.inside-solutions.ch Customer Projects with Adobe CQ Training Material on Adobe CQ Agenda
More informationPhysical Data Organization
Physical Data Organization Database design using logical model of the database - appropriate level for users to focus on - user independence from implementation details Performance - other major factor
More informationAuthenticated In-Network Programming for Wireless Sensor Networks
Authenticated In-Network Programming for Wireless Sensor Networks Ioannis Krontiris and Tassos Dimitriou Athens Information Technology, P.O.Box 68, 19.5 km Markopoulo Ave., GR- 19002, Peania, Athens, Greece
More informationAdvanced Computer Networks IN2097. 1 Dec 2015
Chair for Network Architectures and Services Technische Universität München Advanced Computer Networks IN2097 1 Dec 2015 Prof. Dr.-Ing. Georg Carle Chair for Network Architectures and Services Department
More informationChapter 23. Database Security. Security Issues. Database Security
Chapter 23 Database Security Security Issues Legal and ethical issues Policy issues System-related issues The need to identify multiple security levels 2 Database Security A DBMS typically includes a database
More informationHardware Security Modules for Protecting Embedded Systems
Hardware Security Modules for Protecting Embedded Systems Marko Wolf, ESCRYPT GmbH Embedded Security, Munich, Germany André Weimerskirch, ESCRYPT Inc. Embedded Security, Ann Arbor, USA 1 Introduction &
More informationSECURE RE-ENCRYPTION IN UNRELIABLE CLOUD USINGSYNCHRONOUS CLOCK
International Journal of Advance Research In Science And Engineering IJARSE, Vol. No.4, Issue No.01, January 2015 http:// SECURE RE-ENCRYPTION IN UNRELIABLE CLOUD USINGSYNCHRONOUS CLOCK Arudra Gopala Rao
More informationEnforcing Regional DRM for Multimedia Broadcasts with and without Trusted Computing
Enforcing Regional DRM for Multimedia Broadcasts with and without Trusted Computing Ulrich Greveler Horst Görtz Institute for IT Security Ruhr University Bochum Germany ulrich.greveler@nds.rub.de This
More informationLecture 9 - Message Authentication Codes
Lecture 9 - Message Authentication Codes Boaz Barak March 1, 2010 Reading: Boneh-Shoup chapter 6, Sections 9.1 9.3. Data integrity Until now we ve only been interested in protecting secrecy of data. However,
More informationProperty Based TPM Virtualization
Property Based Virtualization Marcel Winandy Joint work with: Ahmad Reza Sadeghi, Christian Stüble Horst Görtz Institute for IT Security Chair for System Security Ruhr University Bochum, Germany Sirrix
More informationAN RC4 BASED LIGHT WEIGHT SECURE PROTOCOL FOR SENSOR NETWORKS
AN RC4 BASED LIGHT WEIGHT SECURE PROTOCOL FOR SENSOR NETWORKS Chang N. Zhang and Qian Yu Department of Computer Science, University of Regina 3737 Wascana Parkway, Regina, SK S4S 0A2 Canada {zhang, yu209}@cs.uregina.ca
More informationPeer-to-peer Cooperative Backup System
Peer-to-peer Cooperative Backup System Sameh Elnikety Mark Lillibridge Mike Burrows Rice University Compaq SRC Microsoft Research Abstract This paper presents the design and implementation of a novel backup
More informationSimple Network Management Protocol
CHAPTER 32 Simple Network Management Protocol Background Simple Network Management Protocol (SNMP) is an application-layer protocol designed to facilitate the exchange of management information between
More informationIndexing XML Data in RDBMS using ORDPATH
Indexing XML Data in RDBMS using ORDPATH Microsoft SQL Server 2005 Concepts developed by: Patrick O Neil,, Elizabeth O Neil, (University of Massachusetts Boston) Shankar Pal,, Istvan Cseri,, Oliver Seeliger,,
More informationData Security in Unattended Wireless Sensor Network
Data Security in Unattended Wireless Sensor Network Roberto Di Pietro UNESCO Chair in Data Privacy Di Ma UCI Prof. Luigi Mancini Università di Roma La Sapienza Claudio Soriente UCI Angelo Spognardi INRIA
More informationA Practical Authentication Scheme for In-Network Programming in Wireless Sensor Networks
A Practical Authentication Scheme for In-Network Programming in Wireless Sensor Networks Ioannis Krontiris Athens Information Technology P.O.Box 68, 19.5 km Markopoulo Ave. GR- 19002, Peania, Athens, Greece
More informationEnforcing Role-Based Access Control for Secure Data Storage in the Cloud
The Author 211. Published by Oxford University Press on behalf of The British Computer Society. All rights reserved. For Permissions please email: journals.permissions@oup.com Advance Access publication
More informationPointsec Enterprise Encryption and Access Control for Laptops and Workstations
Pointsec Enterprise Encryption and Access Control for Laptops and Workstations Overview of PC Security Since computer security has become increasingly important, almost all of the focus has been on securing
More informationEncrypting ATM Firewall
Encrypting ATM Firewall Abstract This paper explores the mechanics and policies that are necessary to protect information transmitted over an untrusted high speed wide area ATM network. The network model
More informationHow encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and
How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and non-repudiation. How to obtain a digital certificate. Installing
More informationPatient Controlled Encryption: Ensuring Privacy of Electronic Medical Records
Patient Controlled Encryption: Ensuring Privacy of Electronic Medical Records Josh Benaloh, Melissa Chase, Eric Horvitz, and Kristin Lauter Microsoft Research Redmond, WA, USA {benaloh,melissac,horvitz,klauter}@microsoft.com
More informationCRUST: Cryptographic Remote Untrusted Storage without Public Keys
CRUST: Cryptographic Remote Untrusted Storage without Public Keys Erel Geron Avishai Wool July 10, 2007 Abstract This paper presents CRUST, a stackable file system layer designed to provide secure file
More informationPower Proximity Based Key Management for Secure Multicast in Ad Hoc Networks
Power Proximity Based Key Management for Secure Multicast in Ad Hoc Networks Loukas Lazos and Radha Poovendran Network Security Lab, Dept. of EE, University of Washington, Seattle, WA 98195-2500 {l lazos,
More information3-6 Toward Realizing Privacy-Preserving IP-Traceback
3-6 Toward Realizing Privacy-Preserving IP-Traceback The IP-traceback technology enables us to trace widely spread illegal users on Internet. However, to deploy this attractive technology, some problems
More informationHow To Make A Trustless Certificate Authority Secure
Network Security: Public Key Infrastructure Guevara Noubir Northeastern University noubir@ccs.neu.edu Network Security Slides adapted from Radia Perlman s slides Key Distribution - Secret Keys What if
More informationWHITE PAPER. Understanding IP Addressing: Everything You Ever Wanted To Know
WHITE PAPER Understanding IP Addressing: Everything You Ever Wanted To Know Understanding IP Addressing: Everything You Ever Wanted To Know CONTENTS Internet Scaling Problems 1 Classful IP Addressing 3
More informationAttack Graph Techniques
Chapter 2 Attack Graph Techniques 2.1 An example scenario Modern attack-graph techniques can automatically discover all possible ways an attacker can compromise an enterprise network by analyzing configuration
More informationAdaptive HTTP streaming and HTML5. 1 Introduction. 1.1 Netflix background. 1.2 The need for standards. W3C Web and TV Workshop, 8-9 February 2011
W3C Web and TV Workshop, 8-9 February 2011 Adaptive HTTP streaming and HTML5 Mark Watson, Netflix Inc. 1 Introduction 1.1 Netflix background Netflix is a leading provider of streaming video services in
More informationMANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s
More informationBKDconnect Security Overview
BKDconnect Security Overview 1 Introduction 1.1 What is BKDconnect 1.2 Site Creation 1.3 Client Authentication and Access 2 Security Design 2.1 Confidentiality 2.1.1 Least Privilege and Role Based Security
More informationSecurity Goals Services
1 2 Lecture #8 2008 Freedom from danger, risk, etc.; safety. Something that secures or makes safe; protection; defense. Precautions taken to guard against crime, attack, sabotage, espionage, etc. An assurance;
More informationProof of Freshness: How to efficiently use an online single secure clock to secure shared untrusted memory.
Proof of Freshness: How to efficiently use an online single secure clock to secure shared untrusted memory. Marten van Dijk, Luis F. G. Sarmenta, Charles W. O Donnell, and Srinivas Devadas MIT Computer
More informationEfficient Cooperative Signatures: A Novel Authentication Scheme for Sensor Networks
Efficient Cooperative Signatures: A Novel Authentication Scheme for Sensor Networks Stefaan Seys and Bart Preneel K.U.Leuven, Department Electrical Engineering-ESAT, SCD/COSIC, Kasteelpark Arenberg 10,
More informationTutorial 2. May 11, 2015
Tutorial 2 May 11, 2015 I. Basic Notions Review Questions Chapter 5 & 11 Multiple-choice Example Chapter 5 Which is the first step in securing an operating system? a. implement patch management b. configure
More informationConfiguration Management. Software Configuration Management. Example of System Families. Configuration Management
Configuration Management Software Configuration Management New versions of software systems are created as they change: For different machines/os; Offering different functionality; Tailored for particular
More informationHybrid Planning in Cyber Security Applications
Louisa Pragst 20. November 2013 Hybrid Planning in Cyber Security Applications Bachelor Thesis 2 Hybrid Planning in Cyber Security Applications Introduction Overview Transformation of a POCL domain into
More informationDigital Rights Management. Introduction
Digital Rights Management 12/1/2010 Digital Rights Management 1 Introduction Digital Rights Management (DRM) is a term used for systems that restrict the use of digital media DRM defends against the illegal
More informationBypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken
Bypassing Local Windows Authentication to Defeat Full Disk Encryption Ian Haken Who Am I? Currently a security researcher at Synopsys, working on application security tools and Coverity s static analysis
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More informationForward Security. Adaptive Cryptography: Time Evolution. Gene Itkis. Computer Science Department Boston University
Forward Security Adaptive Cryptography: Time Evolution Gene Itkis Computer Science Department Boston University Abstract. We survey the development of forward security and relate it to other concepts and
More informationCSC/ECE 574 Computer and Network Security. What Is PKI. Certification Authorities (CA)
Computer Science CSC/ECE 574 Computer and Network Security Topic 7.2 Public Key Infrastructure (PKI) CSC/ECE 574 Dr. Peng Ning 1 What Is PKI Informally, the infrastructure supporting the use of public
More informationComputer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University
Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two
More informationSecurity for Ubiquitous and Adhoc Networks
Security for Ubiquitous and Adhoc Networks Mobile Adhoc Networks Collection of nodes that do not rely on a predefined infrastructure Adhoc networks can be formed merged together partitioned to separate
More informationAuthenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm By Mihir Bellare and Chanathip Namprempre
Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm By Mihir Bellare and Chanathip Namprempre Some slides were also taken from Chanathip Namprempre's defense
More informationAdvanced Encryption Standard (AES) User's Guide
Advanced Encryption Standard (AES) User's Guide Version 1.00 BETA For use with AES versions 1.6 and above Date: 11-Feb-2015 11:23 All rights reserved. This document and the associated software are the
More informationBinary Trees and Huffman Encoding Binary Search Trees
Binary Trees and Huffman Encoding Binary Search Trees Computer Science E119 Harvard Extension School Fall 2012 David G. Sullivan, Ph.D. Motivation: Maintaining a Sorted Collection of Data A data dictionary
More informationssumathy@vit.ac.in upendra_mcs2@yahoo.com
S. Sumathy 1 and B.Upendra Kumar 2 1 School of Computing Sciences, VIT University, Vellore-632 014, Tamilnadu, India ssumathy@vit.ac.in 2 School of Computing Sciences, VIT University, Vellore-632 014,
More informationDigital Signatures. What are Signature Schemes?
Digital Signatures Debdeep Mukhopadhyay IIT Kharagpur What are Signature Schemes? Provides message integrity in the public key setting Counter-parts of the message authentication schemes in the public
More informationAuthentication Protocols Using Hoover-Kausik s Software Token *
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 22, 691-699 (2006) Short Paper Authentication Protocols Using Hoover-Kausik s Software Token * WEI-CHI KU AND HUI-LUNG LEE + Department of Computer Science
More informationA Comparison of Self-Protecting Digital Content and AACS
A Comparison of Self-Protecting Digital Content and AACS Independent Security Evaluators www.securityevaluators.com May 3, 2005 Copyright 2005 Independent Security Evaluators, LLC Content Protection for
More informationLecture 15 - Digital Signatures
Lecture 15 - Digital Signatures Boaz Barak March 29, 2010 Reading KL Book Chapter 12. Review Trapdoor permutations - easy to compute, hard to invert, easy to invert with trapdoor. RSA and Rabin signatures.
More informationJumble for Microsoft Outlook
Jumble for Microsoft Outlook Jumble is a zero knowledge, end- to- end email encryption solution that integrates with existing email platforms. Jumble integrates at the email client level and removes the
More informationEncryption for Cloud Services Security: Problem or Panacea? @Zulfikar_Ramzan / CTO / www.elastica.net
Encryption for Cloud Services Security: Problem or Panacea? @Zulfikar_Ramzan / CTO / www.elastica.net Tectonic Shift in the Market SaaS On-Premise Many pieces to Buy, Assemble & Operate No visibility /
More informationDFW INTERNATIONAL AIRPORT STANDARD OPERATING PROCEDURE (SOP)
Title: Functional Category: Information Technology Services Issuing Department: Information Technology Services Code Number: xx.xxx.xx Effective Date: xx/xx/2014 1.0 PURPOSE 1.1 To appropriately manage
More informationFull and Complete Binary Trees
Full and Complete Binary Trees Binary Tree Theorems 1 Here are two important types of binary trees. Note that the definitions, while similar, are logically independent. Definition: a binary tree T is full
More informationEchidna: Efficient Clustering of Hierarchical Data for Network Traffic Analysis
Echidna: Efficient Clustering of Hierarchical Data for Network Traffic Analysis Abdun Mahmood, Christopher Leckie, Parampalli Udaya Department of Computer Science and Software Engineering University of
More informationThreat Modelling for Web Application Deployment. Ivan Ristic ivanr@webkreator.com (Thinking Stone)
Threat Modelling for Web Application Deployment Ivan Ristic ivanr@webkreator.com (Thinking Stone) Talk Overview 1. Introducing Threat Modelling 2. Real-world Example 3. Questions Who Am I? Developer /
More informationConfiguration management. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 29 Slide 1
Configuration management Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 29 Slide 1 Objectives To explain the importance of software configuration management (CM) To describe key CM activities
More informationRole Based Encryption with Efficient Access Control in Cloud Storage
Role Based Encryption with Efficient Access Control in Cloud Storage G. V. Bandewar 1, R. H. Borhade 2 1 Department of Information Technology, Sinhgad Technical Education Society s SKNCOE, Pune, India
More informationSINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT
SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT K.karthika 1, M. Daya kanimozhi Rani 2 1 K.karthika, Assistant professor, Department of IT, Adhiyamaan College of Engineering, Hosur
More informationYALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Notes 1 (rev. 1) Professor M. J. Fischer September 3, 2008 1 Course Overview Lecture Notes 1 This course is
More informationHow Much Do I Need To Do to Comply? Vice president SystemExperts Corporation
How Much Do I Need To Do to Comply? Richard E. Mackey, Jr. Vice president SystemExperts Corporation Agenda Background Requirements and you Risk language Risk Factors Assessing risk Program elements and
More informationFinal exam review, Fall 2005 FSU (CIS-5357) Network Security
Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection
More informationWith Great Power comes Great Responsibility: Managing Privileged Users
With Great Power comes Great Responsibility: Managing Privileged Users Darren Harmer Senior Systems Engineer Agenda What is a Privileged User Privileged User Why is it important? Security Intelligence
More informationMobile Security Wireless Mesh Network Security. Sascha Alexander Jopen
Mobile Security Wireless Mesh Network Security Sascha Alexander Jopen Overview Introduction Wireless Ad-hoc Networks Wireless Mesh Networks Security in Wireless Networks Attacks on Wireless Mesh Networks
More informationLecture 5 - CPA security, Pseudorandom functions
Lecture 5 - CPA security, Pseudorandom functions Boaz Barak October 2, 2007 Reading Pages 82 93 and 221 225 of KL (sections 3.5, 3.6.1, 3.6.2 and 6.5). See also Goldreich (Vol I) for proof of PRF construction.
More informationSecure Hierarchical In-Network Aggregation in Sensor Networks
Secure Hierarchical In-Network Aggregation in Sensor Networks Haowen Chan Carnegie Mellon University haowenchan@cmu.edu Adrian Perrig Carnegie Mellon University perrig@cmu.edu Dawn Song Carnegie Mellon
More informationSingle Sign-On Secure Authentication Password Mechanism
Single Sign-On Secure Authentication Password Mechanism Deepali M. Devkate, N.D.Kale ME Student, Department of CE, PVPIT, Bavdhan, SavitribaiPhule University Pune, Maharashtra,India. Assistant Professor,
More informationRSA Authentication Manager 7.0 Planning Guide
RSA Authentication Manager 7.0 Planning Guide Contact Information See the RSA corporate web site for regional Customer Support telephone and fax numbers. RSA Security Inc. www.rsa.com Trademarks RSA and
More informationBinary Search Trees. Data in each node. Larger than the data in its left child Smaller than the data in its right child
Binary Search Trees Data in each node Larger than the data in its left child Smaller than the data in its right child FIGURE 11-6 Arbitrary binary tree FIGURE 11-7 Binary search tree Data Structures Using
More informationOutline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg
Outline CSc 466/566 Computer Security 8 : Cryptography Digital Signatures Version: 2012/02/27 16:07:05 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian
More informationApplications of obfuscation to software and hardware systems
Applications of obfuscation to software and hardware systems Victor P. Ivannikov Institute for System Programming Russian Academy of Sciences (ISP RAS) www.ispras.ru Program obfuscation is an efficient
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationProtecting Cryptographic Keys: The Trace and Revoke Approach
Protecting Cryptographic Keys: The Trace and Revoke Approach Dalit Naor Moni NaorÝ Abstract The problem of protecting ownership of digital content has become a target for many cryptographic studies in
More informationMulti-Channel Broadcast Encryption
Multi-Channel Broadcast Encryption Duong Hieu Phan 1,2, David Pointcheval 2, and Viet Cuong Trinh 1 1 LAGA, University of Paris 8 2 ENS / CNRS / INRIA Abstract. Broadcast encryption aims at sending a content
More informationPrivate Inference Control For Aggregate Database Queries
Private Inference Control For Aggregate Database Queries Geetha Jagannathan geetha@cs.rutgers.edu Rebecca N. Wright Rebecca.Wright@rutgers.edu Department of Computer Science Rutgers, State University of
More informationAttribute-Based Broadcast Encryption Scheme Made Efficient
Attribute-Based Broadcast Encryption Scheme Made Efficient David Lubicz Thomas Sirvent D. Lubicz, T. Sirvent (Celar - Irmar) Efficient Attribute-Based Encryption AfricaCrypt 2008, June 13 th 1 / 23 Outline
More informationNetwork-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2
Contents Introduction--1 Content and Purpose of This Guide...........................1 User Management.........................................2 Types of user accounts2 Security--3 Security Features.........................................3
More informationProviding Data Protection as a Service in Cloud Computing
International Journal of Scientific and Research Publications, Volume 3, Issue 6, June 2013 1 Providing Data Protection as a Service in Cloud Computing Sunumol Cherian *, Kavitha Murukezhan ** * Department
More informationMultilevel Access Control in a MANET for a Defense Messaging system using Elliptic Curve Cryptography
Multilevel Access Control in a MANET for a Defense Messaging system using Elliptic Curve Cryptography J. Nafeesa Begum nafeesa_jeddy@yahoo.com Sr.Lecturer/CSE Government College of Engineering,Bargur Krishnagiri
More informationCiphire Mail. Abstract
Ciphire Mail Technical Introduction Abstract Ciphire Mail is cryptographic software providing email encryption and digital signatures. The Ciphire Mail client resides on the user's computer between the
More informationVICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui
VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui School of Engineering and Computer Science Te Kura Mātai Pūkaha, Pūrorohiko PO Box 600 Wellington New Zealand Tel: +64 4 463
More information