Universally Composable Firewall Architectures using Trusted Hardware Dirk Achenbach, Jörn Müller-Quade, Jochen Rill
1 Universally Composable Firewall Architectures using Trusted Hardware Dirk Achenbach, Jörn Müller-Quade, Jochen Rill KARLSRUHE INSTITUTE OF TECHNOLOGY KIT University of the State of Baden-Wuerttemberg and National Laboratory of the Helmholtz Association
2 Outline 1 Concatenation of Packet Filters Actively Trusted Hardware Quorum Decisions 2 The Universal Composability Framework Proving the Security of Our Approach
3 Firewalls
4 Are Firewalls Really Secure?
5 Just Use Two!
6 This Doesn't Work
7 Trusted Hardware
Our idea: Use a piece of trusted hardware.
Very simple functionality.
Not programmable, maybe even sealed.
Checks if what goes in also comes out.
[Figure: H 1, H 2 and hw (cmp)]
8 Trusted Hardware
This doesn't work either: The compromised firewall could send evil packets with clever timing.
[Figure: H 1, H 2 and hw (cmp)]
9 Data What about this approach?
[Figure: H 1, hw and H]
Research Challenge: Rigorously analyse the security of this approach.
11 The Universal Composability Framework
Formal framework for the security of cryptographic protocols.
Compare the concrete protocol with an idealised version.
Simulation-based approach.
[Figure: F, A, S, D and Z]
12 The Universal Composability Framework
A protocol π securely realises an ideal functionality F if A S Z : REAL π,a,z IDEAL F,S,Z
[Figure: F, A, S, D and Z]
13 The Universal Composability Framework
With this approach we need not specify what an (uncompromised) firewall actually does!
[Figure: H1, hw and H2]
Security Intuition: As if the compromised firewall was not there.
15 Caveat Emptor
The Composition Theorem makes it possible to construct secure networks from smaller components:
Theorem (Composition Theorem [1]) Let ρ, φ, π be protocols such that ρ uses φ as subroutine and π UC-emulates φ. Then protocol ρ φ π UC-emulates ρ.
Setup Assumptions
No non-trivial protocols can be proven secure in the bare model [2].
Setup assumptions alleviate this problem: Common Reference Strings [1], Public-Key Infrastructures [3], Tamper-Proof Hardware [4]
17 Our Setup Assumption: A Trusted Packet Comparator
An idealised description of trusted hardware hw:
Keep a local cache realised as an unordered list.
Upon receiving packet p on interface i:
If there is another input interface j i, and a corresponding entry (j, q) with p q in the cache: Remove (j, q) from the cache, output p.
Otherwise, store (i, p) in the cache.
This is a much simpler functionality than that of a firewall!
19 Security of Two Firewalls
The ideal functionality of two firewalls F ideal
Upon receiving (input, p):
Ask the adversary if p should be delivered.
If yes, let fw k be the non-corrupted party; calculate F fwk (p,, s) = (p, i, s ).
Write p to the output tape of hw, if p and i. Else, do nothing.
Save the new internal state s.
This is not an absolute guarantee! We state what the adversary's capabilities ideally should be.
21 No!
[Figure: H 1, hw and H]
No! The adversary can re-order packets at will!
26 The ideal functionality of the two-firewall approach
The ideal functionality of two firewalls with packet reordering F ideal2
Upon receiving (input, p):
Let w.l.o.g fw 1 be the non-corrupted party; calculate F fw1 (p,, s) = (p, i, s ).
If p and i, save p in an indexed memory structure m at the next free index.
Save new internal state s. Give p to the adversary.
Upon receiving (deliver, j) from the adversary:
If m[j] contains a valid packet, write (, m[j]) to the output tape of hw and clear m[j]; else do nothing.
This explicitly models the adversary's ability to schedule packets!
28 What About Availability?
[Figure: H 1, H 2 and H 3 between hw 1 and hw 2, with interfaces i 1, i 2, i 3, connecting env 1 and env 2]
Is this as secure as the 2-firewall approach?
29 Packet Duplication Attack
[Figure: H 1, H 2 and H 3 between hw 1 and hw 2, with interfaces i 1, i 2, i 3, connecting env 1 and env 2]
33 Fix: Packet Accounting
Keep a local cache for each incoming interface realised as an unordered list.
Upon receiving packet p on interface i:
Check if the cache of interface i contains an entry q with p q. If so, delete q and halt.
Check if there exists an interface j i with an entry q with p q in the cache of that interface: Remove q from the cache, output p, add an entry p to the cache of all other interfaces k with k i and k j.
Otherwise, store p in the cache of interface i.
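The two comparator rules from the "Trusted Packet Comparator" and "Fix: Packet Accounting" slides, modelled side by side as an added example (not code from the talk or its authors). Assumptions: two packets match when their bytes are equal, one comparator sits behind three firewall interfaces numbered 1 to 3 with interface 3 as the compromised one, and the class names, packets and arrival schedules are constructed here for illustration.

```python
# Added example: executable model of the two comparator rules on the slides.
# Assumption: "p matches q" is modelled as byte equality of the packets.


class Comparator:
    """Trusted Packet Comparator: one shared, unordered cache."""

    def __init__(self):
        self.cache = []  # entries are (interface, packet)

    def receive(self, i, p):
        # Output p if a matching packet is cached from a different interface.
        for entry in self.cache:
            j, q = entry
            if j != i and q == p:
                self.cache.remove(entry)
                return p
        self.cache.append((i, p))
        return None


class AccountingComparator:
    """Packet Accounting fix: one unordered cache per incoming interface."""

    def __init__(self, interfaces):
        self.caches = {i: [] for i in interfaces}

    def receive(self, i, p):
        own = self.caches[i]
        # Step 1: an entry in this interface's own cache is consumed silently.
        if p in own:
            own.remove(p)
            return None
        # Step 2: a match on another interface releases the packet once and
        # books it against every interface that has not delivered it yet.
        for j, cache in self.caches.items():
            if j != i and p in cache:
                cache.remove(p)
                for k in self.caches:
                    if k not in (i, j):
                        self.caches[k].append(p)
                return p
        # Step 3: no match anywhere, remember the packet for this interface.
        own.append(p)
        return None


def run(comparator, schedule):
    """Feed (interface, packet) arrivals in order; return the packets output."""
    outputs = []
    for interface, packet in schedule:
        out = comparator.receive(interface, packet)
        if out is not None:
            outputs.append(out)
    return outputs


# Constructed sample data.
P = b"constructed-approved-packet"
EVIL = b"constructed-unapproved-packet"

# All three firewalls forward P once.
HONEST = [(1, P), (2, P), (3, P)]
# Interface 3 sends P twice, pairing once with each honest copy.
DUPLICATION = [(1, P), (3, P), (2, P), (3, P)]
# Only interface 3 sends a packet the honest firewalls never forward.
SOLO = [(3, EVIL), (3, EVIL), (3, EVIL)]


def count_outputs(kind, schedule):
    comparator = Comparator() if kind == "shared" else AccountingComparator([1, 2, 3])
    return len(run(comparator, schedule))


if __name__ == "__main__":
    for name, schedule in [("honest", HONEST), ("duplication", DUPLICATION), ("solo", SOLO)]:
        print(name, "shared cache:", count_outputs("shared", schedule),
              "accounting:", count_outputs("accounting", schedule))
```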
34 Conclusion
We investigated the idea of actively compromised firewalls.
Goal: Combine several candidate implementations into one secure firewall.
Serial concatenation does not work, even with trusted hardware.
The quorum does work.
Future Work: Model availability in UC, Bounded Queues.
35 References
[1] R. Canetti, Universally composable security: a new paradigm for cryptographic protocols, in Foundations of Computer Science, Proceedings. 42nd IEEE Symposium on, oct
[2] R. Canetti and M. Fischlin, Universally composable commitments, in Advances in Cryptology Crypto. Springer, 2001, pp
[3] B. Barak, R. Canetti, J. B. Nielsen, and R. Pass, Universally composable protocols with relaxed set-up assumptions, in Foundations of Computer Science, Proceedings. 45th Annual IEEE Symposium on. IEEE, 2004, pp
[4] J. Katz, Universally composable multi-party computation using tamper-proof hardware, in Advances in Cryptology EUROCRYPT 2007, ser. Lecture Notes in Computer Science, M. Naor, Ed. Springer Berlin Heidelberg, 2007, vol. 4515, pp [Online]. Available: 7
More informationInternational Journal of Scientific & Engineering Research, Volume 4, Issue 8, August-2013 1300 ISSN 2229-5518
International Journal of Scientific & Engineering Research, Volume 4, Issue 8, August-2013 1300 Efficient Packet Filtering for Stateful Firewall using the Geometric Efficient Matching Algorithm. Shriya.A.
More informationProtocols for Secure Cloud Computing
IBM Research Zurich Christian Cachin 28 September 2010 Protocols for Secure Cloud Computing 2009 IBM Corporation Where is my data? 1985 2010 Who runs my computation? 1985 2010 IBM Research - Zurich Overview
More informationReconciling multiple IPsec and firewall policies
Reconciling multiple IPsec and firewall policies Tuomas Aura, Moritz Becker, Michael Roe, Piotr Zieliński Submission to SPW 2007 Abstract Manually configuring large firewall policies can be a hard and
More informationStrengthen RFID Tags Security Using New Data Structure
International Journal of Control and Automation 51 Strengthen RFID Tags Security Using New Data Structure Yan Liang and Chunming Rong Department of Electrical Engineering and Computer Science, University
More informationSECURE WEB GATEWAY DEPLOYMENT METHODOLOGIES
WHITEPAPER In today s complex network architectures it seems there are limitless ways to deploy networking equipment. This may be the case for some networking gear, but for web gateways there are only
More informationTHE UNIVERSITY OF TRINIDAD & TOBAGO
THE UNIVERSITY OF TRINIDAD & TOBAGO FINAL ASSESSMENT/EXAMINATIONS DECEMBER 2013 ALTERNATE Course Code and Title: TCOM3003 Communication Security and Privacy Programme: Bachelor of Applied Science in Computer
More informationDisable Redundant Windows XP Services which are Hogging Your RAM
X P Services Optimisation X 36/1 Disable Redundant Windows XP Services which are Hogging Your RAM With the information in this article you can: Configure your Windows XP Services for top performance Identify
More information1 Digital Signatures. 1.1 The RSA Function: The eth Power Map on Z n. Crypto: Primitives and Protocols Lecture 6.
1 Digital Signatures A digital signature is a fundamental cryptographic primitive, technologically equivalent to a handwritten signature. In many applications, digital signatures are used as building blocks
More information51-30-10 Selecting a Firewall Gilbert Held
51-30-10 Selecting a Firewall Gilbert Held Payoff Although a company may reap significant benefits from connecting to a public network such as the Internet, doing so can sometimes compromise the security
More informationPreview of a Novel Architecture for Large Scale Storage
Preview of a Novel Architecture for Large Scale Storage Andreas Petzold, Christoph-Erdmann Pfeiler, Jos van Wezel Steinbuch Centre for Computing STEINBUCH CENTRE FOR COMPUTING - SCC KIT University of the
More informationFactoring & Primality
Factoring & Primality Lecturer: Dimitris Papadopoulos In this lecture we will discuss the problem of integer factorization and primality testing, two problems that have been the focus of a great amount
More informationWireless Sensor Networks Chapter 14: Security in WSNs
Wireless Sensor Networks Chapter 14: Security in WSNs António Grilo Courtesy: see reading list Goals of this chapter To give an understanding of the security vulnerabilities of Wireless Sensor Networks
More informationAuthentication Applications
Authentication Applications will consider authentication functions developed to support application-level authentication & digital signatures will consider Kerberos a private-key authentication service
More informationA PRACTICAL APPROACH TO INCLUDE SECURITY IN SOFTWARE DEVELOPMENT
A PRACTICAL APPROACH TO INCLUDE SECURITY IN SOFTWARE DEVELOPMENT Chandramohan Muniraman, University of Houston-Victoria, chandram@houston.rr.com Meledath Damodaran, University of Houston-Victoria, damodaranm@uhv.edu
More informationData Storage Security in Cloud Computing for Ensuring Effective and Flexible Distributed System
Data Storage Security in Cloud Computing for Ensuring Effective and Flexible Distributed System 1 K.Valli Madhavi A.P vallimb@yahoo.com Mobile: 9866034900 2 R.Tamilkodi A.P tamil_kodiin@yahoo.co.in Mobile:
More informationProject 2: Penetration Testing (Phase II)
Project 2: Penetration Testing (Phase II) CS 161 - Joseph/Tygar November 17, 2006 1 Edits If we need to make clarifications or corrections to this document after distributing it, we will post a new version
More informationA secure email login system using virtual password
A secure email login system using virtual password Bhavin Tanti 1,Nishant Doshi 2 1 9seriesSoftwares, Ahmedabad,Gujarat,India 1 {bhavintanti@gmail.com} 2 SVNIT, Surat,Gujarat,India 2 {doshinikki2004@gmail.com}
More informationA Secure Model for Medical Data Sharing
International Journal of Database Theory and Application 45 A Secure Model for Medical Data Sharing Wong Kok Seng 1,1,Myung Ho Kim 1, Rosli Besar 2, Fazly Salleh 2 1 Department of Computer, Soongsil University,
More information