Visible to the public Biblio

Filters: Author is Kapitza, Rüdiger  [Clear All Filters]
2018-03-26
Goltzsche, David, Wulf, Colin, Muthukumaran, Divya, Rieck, Konrad, Pietzuch, Peter, Kapitza, Rüdiger.  2017.  TrustJS: Trusted Client-Side Execution of JavaScript. Proceedings of the 10th European Workshop on Systems Security. :7:1–7:6.

Client-side JavaScript has become ubiquitous in web applications to improve user experience and reduce server load. However, since clients are untrusted, servers cannot rely on the confidentiality or integrity of client-side JavaScript code and the data that it operates on. For example, client-side input validation must be repeated at server side, and confidential business logic cannot be offloaded. In this paper, we present TrustJS, a framework that enables trustworthy execution of security-sensitive JavaScript inside commodity browsers. TrustJS leverages trusted hardware support provided by Intel SGX to protect the client-side execution of JavaScript, enabling a flexible partitioning of web application code. We present the design of TrustJS and provide initial evaluation results, showing that trustworthy JavaScript offloading can further improve user experience and conserve more server resources.

2018-03-05
Rüsch, Signe, Schürmann, Dominik, Kapitza, Rüdiger, Wolf, Lars.  2017.  Forward Secure Delay-Tolerant Networking. Proceedings of the 12th Workshop on Challenged Networks. :7–12.

Delay-Tolerant Networks exhibit highly asynchronous connections often routed over many mobile hops before reaching its intended destination. The Bundle Security Protocol has been standardized providing properties such as authenticity, integrity, and confidentiality of bundles using traditional Public-Key Cryptography. Other protocols based on Identity-Based Cryptography have been proposed to reduce the key distribution overhead. However, in both schemes, secret keys are usually valid for several months. Thus, a secret key extracted from a compromised node allows for decryption of past communications since its creation. We solve this problem and propose the first forward secure protocol for Delay-Tolerant Networking. For this, we apply the Puncturable Encryption construction designed by Green and Miers, integrate it into the Bundle Security Protocol and adapt its parameters for different highly asynchronous scenarios. Finally, we provide performance measurements and discuss their impact.