Biblio

Filters: Keyword is trusted third parties
2018-05-30
Su, C., Santoso, B., Li, Y., Deng, R. H., Huang, X. 2017. Universally Composable RFID Mutual Authentication. IEEE Transactions on Dependable and Secure Computing. 14:83–94.

The Universally Composable (UC) framework provides the strongest security notion for designing fully trusted cryptographic protocols, and it is very challenging to apply UC security in the design of RFID mutual authentication protocols. In this paper, we formulate the necessary conditions for achieving UC secure RFID mutual authentication protocols which can be fully trusted in arbitrary environments, and indicate the inadequacy of some existing schemes under the UC framework. We define the ideal functionality for RFID mutual authentication and propose the first UC secure RFID mutual authentication protocol based on public key encryption and certain trusted third parties which can be modeled as functionalities. We prove the security of our protocol under the strongest adversary model assuming both the tags' and readers' corruptions. We also present two (public) key update protocols for the cases of multiple readers: one uses Message Authentication Code (MAC) and the other uses trusted certificates in Public Key Infrastructure (PKI). Furthermore, we address the relations between our UC framework and the zero-knowledge privacy model proposed by Deng et al. [1].

2018-03-19
Al-Aaridhi, R., Yueksektepe, A., Graffi, K. 2017. Access Control for Secure Distributed Data Structures in Distributed Hash Tables. 2017 IEEE International Symposium on Local and Metropolitan Area Networks (LANMAN). :1–3.

Peer-To-Peer (P2P) networks open up great possibilities for intercommunication, collaborative and social projects like file sharing, communication protocols or social networks while offering advantages over the conventional Client-Server model of computing pattern. Such networks counter the problems of centralized servers such as that P2P networks can scale to millions without additional costs. In previous work, we presented Distributed Data Structure (DDS) which offers a middle-ware scheme for distributed applications. This scheme builds on top of DHT (Distributed Hash Table) based P2P overlays, and offers distributed data storage services as a middle-ware; it still needs to address security issues. The main objective of this paper is to investigate possible ways to handle the security problem for DDS, and to develop a possibly reusable security architecture for access control for secure distributed data structures in P2P networks without depending on trusted third parties.

2017-09-27
Malchow, Jan-Ole, Güldenring, Benjamin, Roth, Volker. 2016. POSTER: Re-Thinking Risks and Rewards for Trusted Third Parties. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :1796–1798.

Commercial trusted third parties (TTPs) may increase their bottom line by watering down their validation procedures because they assume no liability for lapses of judgement. Consumers bear the risk of misplaced trust. Reputation loss is a weak deterrent for TTPs because consumers do not choose them - web shops and browser vendors do. At the same time, consumers are the source of income of these parties. Hence, risks and rewards are not well-aligned. Towards a better alignment, we explore the brokering of connection insurances and transaction insurances, where consumers get to choose their insurer. We lay out the principal idea how such a brokerage might work at a technical level with minimal interference with existing protocols and mechanisms, we analyze the security requirements and we propose techniques to meet these requirements.