Your search keyword '"Security properties"' showing total 596 results

1. Security Challenges in Wireless Sensor Network: Current Status and Future Trends.

Author

Ram, G. Mohan and Ilavarasan, E.

Subjects

WIRELESS sensor network security, WIRELESS sensor networks, TELECOMMUNICATION, WIRELESS communications, POWER resources

Abstract

WSNs have several applications in the military, the environment, and medicine. These applications often involve tracking sensor data, such as the actions of enemies on the battlefield or the position of people within a structure. As a result, Wireless sensor network (WSN) security is of prime concern. However, WSNs face many challenges, including low computing power, low memory, tight power supplies, vulnerability to physical detection, and unreliable wireless communication paths. These problems complicate the security of WSNs. This paper is an overview of the security of WSNs. This paper explains the number of security-related issues related to WSNs, including secure routing methods, various security attacks, etc. Then, the limitation of security in WSNs is examined and contrasted as challenging. Also, the pros and cons of multiple WSN security protocols are explained. For each open research question in each sub-area, conclusions are drawn regarding possible future study directions on safety in WSNs. [ABSTRACT FROM AUTHOR]

Published

2024

2. The cybersecurity of fairy tales.

Author

Viganò, Luca

Subjects

PUBLIC understanding of science, FAIRY tales, INTERNET security, LAYPERSONS

Abstract

The timeless nature of fairy tales can help uncover the timeless nature of many cybersecurity notions. Using 16 classical tales as illustration, in this article, the author shows that fairy tales are full of cybersecurity motifs and examples, and can thus be used extensively and effectively to explain cybersecurity notions. Obviously not cybersecurity as we know it today, but rather the fundamental and archetypal concepts that are at its heart. Fairy tales can thus be employed to mediate in conversations with less-knowledgeable, misinformed, or even skeptical laypersons about cybersecurity, increase their understanding and awareness, and thereby strengthen the overall cybersecurity of systems and applications. [ABSTRACT FROM AUTHOR]

Published

2024

3. Security Verification

Author

Tehranipoor, Mark, Nalla Anandakumar, N., Farahmandi, Farimah, Tehranipoor, Mark, Anandakumar, N. Nalla, and Farahmandi, Farimah

Published

2023

4. Digital Early Security Validation

Author

Hassan, Muhammad, Große, Daniel, Drechsler, Rolf, Hassan, Muhammad, Große, Daniel, and Drechsler, Rolf

Published

2023

5. An Automatically Verified Prototype of the Android Permissions System.

Author

Cristiá, Maximiliano, De Luca, Guido, and Luna, Carlos

Abstract

In a previous work we presented formal specifications of idealized formulations of the permission model of Android in the Coq proof assistant. This formal development is about 23 KLOC of Coq code, including proofs. In this work the Coq model is encoded in { l o g } (‘setlog’)—a satisfiability solver and a constraint logic programming language— which is then used to automatically discharge most of the proofs performed in Coq. We show how the Coq model is encoded in { l o g } and how automated proofs are performed. The resulting { l o g } model is an automatically verified executable prototype of the Android permissions system. Detailed data on the empirical evaluation resulting after executing all the proofs in { l o g } is provided. The integration of Coq and { l o g } as to provide a framework featuring automated proof and prototype generation is discussed. [ABSTRACT FROM AUTHOR]

Published

2023

6. A Framework to Verify the ABAC Policies in Web Applications

Author

Luong, Thanh-Nhan, Le, Hong-Anh, Vo, Dinh-Hieu, Truong, Ninh-Thuan, Xhafa, Fatos, Series Editor, Nguyen, Ngoc-Thanh, editor, Dao, Nhu-Ngoc, editor, Pham, Quang-Dung, editor, and Le, Hong Anh, editor

Published

2022

7. Formal Verification of Security Protocols: ProVerif and Extensions

Author

Yao, Jiangyuan, Xu, Chunxiang, Li, Deshun, Lin, Shengjun, Cao, Xingcan, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Sun, Xingming, editor, Zhang, Xiaorui, editor, and Xia, Zhihua, editor

Published

2022

8. Construction of Side Channel Attack Resistant S-Boxes Using Genetic Algorithms Based on Coordinate Functions

Author

B. Khadem and S. Rajavzadeh

Subjects

substitution box (s-box), side channel attack (sca), coordinate functions, security properties, Computer engineering. Computer hardware, TK7885-7895, Science

Abstract

Background and Objectives: Substitution-box (S-Box) is one of the essential components creating confusion and nonlinear properties in cryptography. To strengthen a cipher against various attacks, including side channel attacks, these boxes need to have numerous security properties. In this paper, a novel S-Box construction method is introduced aimed at improving the resistance of S-Boxes against power analysis attacks.Methods: In the preprocessing phase of this approach, a suitable initial S-Box with some basic security properties was generated by adopting a fast algorithm. Then, in the main stage, using the initial S-Box, we generate new S-Boxes which not only have the properties of the initial S-Box but also have significantly improved under another set of security properties. To do this, new S-Boxes were generated using a genetic algorithm on a particular subset of the linear combination set of coordinate functions of the initial S-Box.Results: The performed experiments demonstrated that the values of all security properties of these new S-Boxes, especially the measures of transparency order, signal-to-noise ratio, confusion coefficient, bijection property, fixed point, and opposite fixed points, have been substantially improved. For example, our experiments indicate that 70, 220, 2071, 43, and 406 S-Boxes are found better than the initial S-Box, respectively, in the dimensions of 4×4 through 8×8Conclusion: In this paper, a new S-Box construction method is introduced where the properties related to side channel attacks are improved, without destroying other security features. Besides, some results obtained from generated S-Boxes in the dimensions of 4×4 through 8×8 demonstrated that the generated S-Boxes are not only improved relative to the initial S-Box, but also in certain cases, considerably better than some well-known S-Boxes.

Published

2022

9. Construction of Side Channel Attack Resistant S-Boxes Using Genetic Algorithms Based on Coordinate Functions.

Author

Khadem, B. and Rajav zade, S.

Subjects

SECURITY management, CRYPTOSYSTEMS, CELL phones, ALGEBRAIC immunity, GENETIC algorithms

Abstract

Background and Objectives: Substitution-Box (S-Box) is one of the essential components creating confusion and nonlinear properties in cryptography. To strengthen a cipher against various attacks, including side channel attacks, these boxes need to have numerous security properties. In this paper, a novel S-Box construction method is introduced aimed at improving the resistance of S-Boxes against power analysis attacks. Methods: In the preprocessing phase of this approach, a suitable initial S-Box with some basic security properties was generated by adopting a fast algorithm. Then, in the main stage, using the initial S-Box, we generate new S-Boxes which not only have the properties of the initial S-Box but also have significantly improved under another set of security properties. To do this, new S-Boxes were generated using a genetic algorithm on a particular subset of the linear combination set of coordinate functions of the initial S-Box. Results: The performed experiments demonstrated that the values of all security properties of these new S-Boxes, especially the measures of transparency order, signal-to-noise ratio, confusion coefficient, bijection property, fixed point, and opposite fixed points, have been substantially improved. For example, our experiments indicate that 70, 220, 2071, 43, and 406 S-Boxes are found better than the initial S-Box, respectively, in the dimensions of 4x4 through 8x8 Conclusion: In this paper, a new S-Box construction method is introduced where the properties related to side channel attacks are improved, without destroying other security features. Besides, some results obtained from generated S-Boxes in the dimensions of 4x4 through 8x8 demonstrated that the generated S-Boxes are not only improved relative to the initial S-Box, but also in certain cases, considerably better than some well-known S-Boxes. [ABSTRACT FROM AUTHOR]

Published

2022

10. Physical layer security for NOMA: limitations, issues, and recommendations.

Author

Melki, Reem, Noura, Hassan N., and Chehab, Ali

Abstract

More and more attention is being directed towards the Non-Orthogonal Multiple Access (NOMA) technology due to its many advantages such as high data rate, enhanced spectral and energy efficiency, massive connectivity, and low latency. On the other hand, secure data transmission remains a critical challenge in wireless communication systems since wireless channels are, in general, exposed. To increase the robustness of NOMA systems and overcome the issues related to wireless transmission, several Physical Layer Security (PLS) schemes have been recently presented. Unlike conventional security algorithms, this type of solutions exploits the dynamicity of the physical layer to secure data using a single iteration and minimum operations. In this paper, we survey the various NOMA-based PLS schemes in the literature, which target all kinds of security properties. From this study, we have noticed that the majority of the research work in this area is mainly focused on data confidentiality and privacy and not on other security properties such as device and source authentication, key generation, and message integrity. Therefore, we discuss the PLS data confidentiality schemes for NOMA and their limitations, challenges, and countermeasures, and we propose different methods to address the remaining security properties. [ABSTRACT FROM AUTHOR]

Published

2021

11. A Secure Anonymous Identity-Based Scheme in New Authentication Architecture for Mobile Edge Computing.

Author

Li, Yuting, Cheng, Qingfeng, Liu, Ximeng, and Li, Xinghua

Abstract

Mobile edge computing (MEC) provides computing and data storage capabilities within the range of the wireless access network close to the users, which is driving the need for new type of security technologies. Faced with rapid traffic growth and increasing user experience requirements, the existing security schemes can no longer meet the new requirements of real time and lightweight. New solutions that do not require complex calculations, such as identity-based cryptography, attract great attention from researchers. To meet these demands, we design a new authentication architecture for MEC environment, which provides secure and efficient communication. Based on this authentication architecture, an anonymous identity-based scheme is proposed for lightweight devices. In the meantime, user anonymity is also fully protected. The proposed scheme is proved to be secure under a specific security model. In addition, we describe the security properties our scheme meets. The comparisons of time consumption and communicational cost are given at the end of the article, to demonstrate that our scheme performs prior to several previous schemes. [ABSTRACT FROM AUTHOR]

Published

2021

12. Verifiably Encrypted Group Signatures

Author

Wang, Zhen, Luo, Xiling, Wu, Qianhong, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Okamoto, Tatsuaki, editor, Yu, Yong, editor, Au, Man Ho, editor, and Li, Yannan, editor

Published

2017

13. Tightly‐secure two‐pass authenticated key exchange protocol using twin Diffie–Hellman problem.

Author

Zeng, Runzhi and Wang, Libin

Abstract

Tight security is an important requirement of practical cryptographic schemes. Compared with loosely‐secure schemes, tightly‐secure schemes allow shorter security parameters hence are more efficient. In CRYPTO 2018, Gjøsteen and Jager proposed a tightly‐secure authenticated key exchange (AKE) protocol. They used 'commitment trick' to construct a tight security reduction for their protocol. However, this technique leads to a three‐pass execution in their protocol, and their protocol cannot achieve key confirmation unless it is modified to have a four‐pass execution. In this study, the authors propose a tightly‐secure two‐pass AKE protocol. They use the twin Diffie–Hellman problem and the 're‐patch' trick of random oracles to construct a tight security reduction for their protocol. This technique allows their protocol to have a two‐pass execution. Their protocol provides several security properties such as key‐compromise‐impersonation security, unknown‐key‐share security, and weak perfect forward secrecy. Moreover, a three‐pass variant of their protocol provides key confirmation. [ABSTRACT FROM AUTHOR]

Published

2020

14. Classification Mechanism for IoT Devices towards Creating a Security Framework

Author

Jincy, V. J., Sundararajan, Sudharsan, Kacprzyk, Janusz, Series editor, Buyya, Rajkumar, editor, and Thampi, Sabu M., editor

Published

2015

15. Verifying Android’s Permission Model

Author

Betarte, Gustavo, Campo, Juan Diego, Luna, Carlos, Romano, Agustín, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Leucker, Martin, editor, Rueda, Camilo, editor, and Valencia, Frank D., editor

Published

2015

16. Lightweight Formal Verification in Real World, A Case Study

Author

Atzeni, Andrea, Su, Tao, Montanaro, Teodoro, van der Aalst, Wil, editor, Mylopoulos, John, editor, Rosemann, Michael, editor, Shaw, Michael J., editor, Szyperski, Clemens, editor, Iliadis, Lazaros, editor, Papazoglou, Michael, editor, and Pohl, Klaus, editor

Published

2014

17. Idea: Writing Secure C Programs with SecProve

Author

Archer, Myla M., Leonard, Elizabeth I., Heitmeyer, Constance L., Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Jürjens, Jan, editor, Livshits, Benjamin, editor, and Scandariato, Riccardo, editor

Published

2013

18. Anonymity and rewards in peer rating systems1

Author

Elizabeth A. Quaglia, Lydia Garms, Giulia Traverso, and Siaw-Lynn Ng

Subjects

Scheme (programming language), Security properties, Computer Networks and Communications, Computer science, business.industry, media_common.quotation_subject, Internet privacy, Ring signature, Hardware and Architecture, Direct Anonymous Attestation, Rating system, Safety, Risk, Reliability and Quality, Set (psychology), business, computer, ComputingMilieux_MISCELLANEOUS, Software, Anonymity, computer.programming_language, Reputation, media_common

Abstract

When peers rate each other, they may rate inaccurately to boost their own reputation or unfairly lower another’s. This could be mitigated by having a reputation server incentivise accurate ratings with a reward. However, assigning rewards becomes challenging when ratings are anonymous, since the reputation server cannot tell which peers to reward for rating accurately. To address this, we propose an anonymous peer rating system in which users can be rewarded for accurate ratings, and we formally define its model and security requirements. In our system ratings are rewarded in batches, so that users claiming their rewards only reveal they authored one in this batch of ratings. To ensure the anonymity set of rewarded users is not reduced, we also split the reputation server into two entities, the Rewarder, who knows which ratings are rewarded, and the Reputation Holder, who knows which users were rewarded. We give a provably secure construction satisfying all the security properties required. For our construction we use a modification of a Direct Anonymous Attestation scheme to ensure that peers can prove their own reputation when rating others, and that multiple feedback on the same subject can be detected. We then use Linkable Ring Signatures to enable peers to be rewarded for their accurate ratings, while still ensuring that ratings are anonymous. Our work results in a system which allows accurate ratings to be rewarded, whilst still providing anonymity of ratings with respect to the central entities managing the system.

Published

2022

19. CASTREAM: A New Stream Cipher Suitable for Both Hardware and Software

Author

Das, Sourav, Roy Chowdhury, Dipanwita, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Sirakoulis, Georgios Ch., editor, and Bandini, Stefania, editor

Published

2012

20. On Capabilities of Hash Domain Extenders to Preserve Enhanced Security Properties

Author

Reyhanitabar, Mohammad Reza, Susilo, Willy, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Takagi, Tsuyoshi, editor, Wang, Guilin, editor, Qin, Zhiguang, editor, Jiang, Shaoquan, editor, and Yu, Yong, editor

Published

2012

21. Optimized Inlining of Runtime Monitors

Author

Lemay, Frédérick, Khoury, Raphaël, Tawbi, Nadia, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, and Laud, Peeter, editor

Published

2012

22. An Efficient, Parameterized and Scalable S-box for Stream Ciphers

Author

Das, Sourav, RoyChowdhury, Dipanwita, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Lai, Xuejia, editor, Yung, Moti, editor, and Lin, Dongdai, editor

Published

2011

23. Security and Trust

Author

Costa, Gabriele, Issarny, Valérie, Martinelli, Fabio, Matteucci, Ilaria, Saadi, Rachid, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Bernardo, Marco, editor, and Issarny, Valérie, editor

Published

2011

24. Formalizing ROS2 security configuration with Alloy

Author

Ribeiro, Luís Mário Macedo, Cunha, Alcino, Santos, André Filipe Faria, and Universidade do Minho

Subjects

SROS2, Observational determinism, Verificação de software, Security properties, Software verification, Alloy, Robotics, Determinismo observacional, Propriedades de segurança, Robótica, ROS2, Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática

Abstract

Dissertação de mestrado integrado em Informatics Engineering, Industrial manufacturing is becoming highly reliant on automation developments, as they bring more efficient and accurate processes, with lower associated costs. Consequently, robots are increasingly being deployed in a wide range of scenarios, especially where safety is demanded. In such cases, it is critical to employ appropriate procedures to verify both the system’s quality and safety. Following the current growth of cyber-physical systems, as well as their usage in various technology domains, the development of software applications is becoming more demanding due to the complexity behind the integration of complementing services, beyond those provided by the operating system. One of the most popular open-source software platforms for building robotic systems is the Robot Operating System (ROS) [53] middleware, where highly configurable robots are usually built by composing third-party modules. Robot Operating System 2 (ROS2) is implemented using the Data Distribution Service (DDS) [49] communication protocol. ROS2 implicitly makes use of the DDS-Security artefacts through the Secure Robot Operating System 2 (SROS2) security toolset. The present study focus on detecting security problems in ROS2 networks, in which it is intended to verify, through formal techniques, security properties. However, security is a very broad subject, so this study focuses on a particular security property to show the viability of the proposed technique, namely Observational Determinism (OD). This dissertation introduces a software tool, named Security Verification in ROS (svROS), that provides multiple functionalities to support this type of security analysis using Alloy [32], a formal specification language and analysis tool., A crescente implementação de processos automáticos tem motivado a reestruturação nos mais diversos setores industriais, com o objetivo de aumentar a eficiência e precisão dos mesmos, e consequentemente, reduzir os custos associados. Além disso, esta ideia levou à integração da robótica nos mais amplos domínios tecnológicos, especialmente onde a segurança é exigida. Nestes casos, é fundamental adotar técnicas apropriadas de forma a verificar tanto a qualidade do sistema, como a segurança do mesmo. Como resultado do atual crescimento dos sistemas ciber-físicos, nomeadamente sistemas robóticos, bem como a sua utilização em vários domínios tecnológicos, o desenvolvimento de aplicações tem vindo a ficar mais exigente, em particular devido à complexidade da integração dos serviços necessários, tipicamente não fornecidos pelo sistema operativo. Uma das plataformas considerada como standard no que toca ao desenvolvimento de sistemas robóticos é o middleware ROS [53], onde robôs altamente configuráveis são construídos através da composição modular de software externo, oferecendo características como flexibilidade e interoperabilidade aos sistemas integrados. O ROS2 implementa um protocolo de comunicação, de nome DDS [49], que, para além de garantir serviços de comunicação, implementa a especificação DDS-Security, que oferece diferentes métodos de adoção de segurança, através de uma metodologia de plugins. Através do uso desta especificação, juntamente com o uso do toolset SROS2, é possível configurar o ROS2 de forma a proporcionar um ambiente seguro às aplicações integradas. O presente trabalho foca-se no estudo e deteção de problemas de segurança em topologias ROS2, através da verificação formal de propriedades de segurança. No entanto, a segurança é um assunto extenso, pelo que o foco de interesse nesta tese é numa propriedade particular de segurança para mostrar a viabilidade da presente técnica, de nome OD. Esta dissertação introduz a uma ferramenta de verificação de nome svROS, que contempla múltiplas funcionalidades para suportar este tipo de análise usando Alloy [32], uma linguagem de especificação formal e respectiva ferramenta de análise., This work is financed by National Funds through the Portuguese funding agency, FCT - Fundação para a Ciência e a Tecnologia, within project LA/P/0063/2020.

Published

2022

25. Verification of the Correctness in Composed UML Behavioural Diagrams

Author

Ouchani, Samir, Mohamed, Otmane Ait, Debbabi, Mourad, Pourzandi, Makan, Kacprzyk, Janusz, editor, Lee, Roger, editor, Ormandjieva, Olga, editor, Abran, Alain, editor, and Constantinides, Constantinos, editor

Published

2010

26. Agents Based e-Commerce and Securing Exchanged Information

Author

Al-Jaljouli, Raja, Abawajy, Jemal, Hassanien, Aboul-Ella, editor, Abawajy, Jemal H., editor, Abraham, Ajith, editor, and Hagras, Hani, editor

Published

2010

27. Security Rules versus Security Properties

Author

Jaume, Mathieu, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Jha, Somesh, editor, and Mathuria, Anish, editor

Published

2010

28. From a Generic Framework for Expressing Integrity Properties to a Dynamic mac Enforcement for Operating Systems

Author

Clemente, Patrice, Rouzaud-Cornabas, Jonathan, Toinard, Christian, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Gavrilova, Marina L., editor, Tan, C. J. Kenneth, editor, and Moreno, Edward David, editor

Published

2010

29. Security of a Key System of a Fiscal Feature.

Author

Gorbatov, V. S., Zhukov, I. Yu., and Murashov, O. N.

Abstract

Abstract: This paper describes the protocol for generating a master key for a system for exchanging fiscal features, generating a fiscal feature key with authentication of the means for generating and verifying fiscal features that are installed on the fiscal drive and in the equipment of fiscal data operators and the authorized body. This protocol is based on the use of known domestic cryptographic transformations and is aimed at ensuring the integrity and authenticity of data transmitted through the communication channel between the means of formation and means of verification of fiscal features. The protocol was developed in accordance with the recommendations of Rosstandart regarding the principles of the development and modernization of encryption (cryptographic) means of information protection and was issued in the form of a draft national standard proposed for public discussion and approval in accordance with the established procedure. The main result of this study is the formulation of certain security properties that are identical to those objectives that the intruder sets for the purpose of compromise. Already at the stage of creating a protocol, taking into account methods of compromise makes it possible to establish such structural features in this protocol that would ensure the fulfillment of specified security properties and the subsequent justification of their sufficiency. [ABSTRACT FROM AUTHOR]

Published

2018

30. A Higher Education.

Author

Lasbahani, Abdellatif, Chhiba, Mostafa, and Tabyaoui, Abdelmoumen

Subjects

INDUSTRIAL safety, HIGHER education, DATA encryption, DIGITAL signatures, DATA integrity, SOURCE code, SYSTEMS development

Abstract

Recently, many research studies have suggested the integration of safety engineering at an early stage of modeling and system development using Model-Driven Architecture (MDA). This concept consists in deploying the UML (Unified Modeling Language) standard as aprincipal metamodel for the abstractions of different systems. To our knowledge, most of this work has focused on integrating security requirements after the implementation phase without taking them into account when designing systems. In this work, we focused our efforts on non-functional aspects such as the business logic layer, data flow monitoring, and high-quality service delivery. Practically, we have proposed a new UML profile for security integration and code generation for the Java platform. Therefore, the security properties will be described by a UML profile and the OCL language to verify the requirements of confidentiality, authorization, availability, data integrity, and data encryption. Finally, the source code such as the application security configuration, the method signatures and their bodies, the persistent entities and the security controllers generated from sequence diagram of system’s internal behavior after its extension with this profile and applying a set of transformations. [ABSTRACT FROM AUTHOR]

Published

2018

31. SecCom: A Prototype for Integrating Security-Aware Components

Author

Khan, Khaled M., Tan, Calvin, van der Aalst, Will, Series editor, Mylopoulos, John, Series editor, Sadeh, Norman M., Series editor, Shaw, Michael J., Series editor, Szyperski, Clemens, Series editor, Yang, Jianhua, editor, Ginige, Athula, editor, Mayr, Heinrich C., editor, and Kutsche, Ralf-D., editor

Published

2009

32. Using Edit Automata for Rewriting-Based Security Enforcement

Author

Ould-Slimane, Hakima, Mejri, Mohamed, Adi, Kamel, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Gudes, Ehud, editor, and Vaidya, Jaideep, editor

Published

2009

33. On the Security Properties and Attacks against Mobile Agent Graph Head Sealing (MAGHS)

Author

Khan, Abid, Arshad, Qasim, Niu, Xiamu, Yong, Zhang, Anwar, Muhammad Waqas, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Park, Jong Hyuk, editor, Chen, Hsiao-Hwa, editor, Atiquzzaman, Mohammed, editor, Lee, Changhoon, editor, Kim, Tai-hoon, editor, and Yeo, Sang-Soo, editor

Published

2009

34. An Automatically Verified Prototype of the Tokeneer ID Station Specification

Author

Maximiliano Cristiá and Gianfranco Rossi

Subjects

FOS: Computer and information sciences, Security properties, Computer science, Programming language, Carry (arithmetic), ComputerApplications_COMPUTERSINOTHERSYSTEMS, computer.software_genre, Software Engineering (cs.SE), Set (abstract data type), Computer Science - Software Engineering, Ada, Development (topology), Computational Theory and Mathematics, SPARK (programming language), Artificial Intelligence, State (computer science), computer, Software, Set constraint, computer.programming_language

Abstract

The Tokeneer project was an initiative set forth by the National Security Agency (NSA, USA) to be used as a demonstration that developing highly secure systems can be made by applying rigorous methods in a cost-effective manner. Altran UK was selected by NSA to carry out the development of the Tokeneer ID Station. The company wrote a Z specification later implemented in the SPARK Ada programming language, which was verified using the SPARK Examiner toolset. In this paper, we show that the Z specification can be readily and naturally encoded in the $$\{log\}$$ set constraint language, thereby generating a functional prototype. Furthermore, we show that $$\{log\}$$ ’s automated proving capabilities can discharge all the proof obligations concerning state invariants as well as important security properties. As a consequence, the prototype can be regarded as correct with respect to the verified properties. This provides empirical evidence that Z users can use $$\{log\}$$ to generate correct prototypes from their Z specifications. In turn, these prototypes enable or simplify some verification activities discussed in the paper.

Published

2021

35. Admissible Interference by Typing for Cryptographic Protocols

Author

Fellah, Alaaeddine, Mullins, John, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Dough, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Qing, Sihan, editor, Mao, Wenbo, editor, López, Javier, editor, and Wang, Guilin, editor

Published

2005

36. A Systematic Literature Review of Blockchain Technology: Security Properties, Applications and Challenges

Author

Tuan-Vinh Le and Chien-Lung Hsu

Subjects

Security properties, Cryptocurrency, Systematic review, Blockchain, Third party, Computer Networks and Communications, Process (engineering), Computer science, Robustness (economics), Computer security, computer.software_genre, computer, Software

Abstract

Blockchain technology has been known as a cryptocurrency platform since the emergence of its first and largest application, bitcoin. Blockchain contributes to the process of changing low-trust centralized transaction ledger held by a single third party, to high-trust decentralized form held by different verifying nodes. Due to its decentralized nature and security robustness, blockchain has big potentials to be applied in various fields beyond cryptocurrency. This paper aims to provide readers a more complete literature review of blockchain, compared with existing works. We introduce and explain various security properties of blockchain, provide a taxonomy of blockchain-based applications, and discuss challenges of blockchain in terms of security and performance. Furthermore, some research directions are given in the last section of the paper.

Published

2021

37. On Fairness in Exchange Protocols

Author

Markowitch, Olivier, Gollmann, Dieter, Kremer, Steve, Goos, Gerhard, editor, Hartmanis, Juris, editor, van Leeuwen, Jan, editor, Lee, Pil Joong, editor, and Lim, Chae Hoon, editor

Published

2003

38. Extended Description Techniques for Security Engineering

Author

Wimmel, Guido, Wisspeintner, Alexander, Dupuy, Michel, editor, and Paradinas, Pierre, editor

Published

2001

39. Pairing-Free and Secure Certificateless Signcryption Scheme.

Author

HUIFANG YU and BO YANG

Subjects

*DATA encryption, *CRYPTOGRAPHY, *INTERNET auctions, *EMAIL systems, *COMPUTER security

Abstract

Certificateless signcryption (CLSC) can simultaneously fulfill certificateless encryption and certificateless signature; however, most CLSC schemes need costly computational overhead due to the usage of pairing operations. How to improve its computational efficiency is a very significant research problem. In this paper, we propose a pairing-free and secure CLSC scheme. In the random oracle model, the proposed scheme is indistinguishability against adaptive chosen-ciphertext attacks secure in confidentiality and unforgeability against adaptive chosen-message attacks secure in unforgeability. In the new scheme, only a designated receiver can recover the message, and a third party can verify the validity of a signcrypted text without knowing the receiver's secret value. In addition, this cryptographic algorithm is very appropriate to applications in online auction, email system and private contractual signature. [ABSTRACT FROM AUTHOR]

Published

2017

40. Security Properties of Software Components

Author

Khan, Khaled, Han, Jun, Zheng, Yuliang, Mambo, Masahiro, and Zheng, Yuliang

Published

1999

41. Enclaves in the Clouds

Author

Jennifer Cobbe, Do Le Quoc, Zahra Tarkhani, and Jatinder Singh

Subjects

Security properties, 021110 strategic, defence & security studies, Scrutiny, General Computer Science, Computer science, business.industry, Data management, 0211 other engineering and technologies, 020207 software engineering, 02 engineering and technology, Public administration, Computer security, computer.software_genre, Software, 0202 electrical engineering, electronic engineering, information engineering, Code (cryptography), Confidentiality, business, computer, Host (network)

Abstract

Trusted Execution Environments ('TEEs') or 'secure enclaves' aim at enabling more secure computation and data management. There is much enthusiasm for this technology, not least as we see increasing legal and regulatory attention on issues of security, privacy, and data management and use. With cloud providing the infrastructure for underpinning applications, data processing and analytics/ML, access to enclaves and enclave-backed technologies are increasingly being offered by service (cloud) providers - with the technology described as enabling confidential computing . This paper provides a high-level overview of the common security properties provided by enclaves, and considers how such technology, in being offered by cloud providers, relates to organizational legal and regulatory concerns. Focusing on data protection regulations, we explore the aspects of TEEs that might assist compliance, and who stands to benefit from the deployment of such technology in a service provision context.

Published

2020

42. The distributed ledgers ensuring privacy-preserving transactions

Author

Sergey V. Zapechnikov

Subjects

Security properties, Cryptographic primitive, lcsh:T58.5-58.64, Computer science, lcsh:Information technology, Homomorphic encryption, General Medicine, Computer security, computer.software_genre, Mathematical proof, lcsh:Q350-390, distributed ledger, blockchain technologies, cryptocurrency, consensus, state machine replication, confidentiality, Development (topology), Ring signature, lcsh:Information theory, Database transaction, computer

Abstract

The paper is devoted to the actual problem of ensuring privacy during performing transactions in distributed ledgers. We discuss various aspects of transaction privacy, as well as the specifics of setting the problem for distributed ledgers with two main models for representing participants' balances: the UTXO-model and the account model. Based on these results, we outline definitions and consider security properties of the main cryptographic primitives used for preserving the privacy of transactions: mixers, ring signatures, homomorphic encryption, and zero-knowledge proofs. We analyze well-known solutions for distributed ledgers based on the UTXO-model, such as Zcash, Monero, Zcoin, Dash, CoinShuffle, Verge, Grin, and others, as well as for systems based on the account model: DSC, Zether, Zeth, BlockMaze. Based on the comparison of advantages, disadvantages, and limitations for existing solutions, conclusions are drawn about the future development of distributed ledgers that ensure the privacy of transactions, and new research tasks are outlined.

Published

2020

43. Automated Proof of Bell–LaPadula Security Properties

Author

Maximiliano Cristiá and Gianfranco Rossi

Subjects

Security properties, Property (philosophy), Finite-state machine, Theoretical computer science, Computer science, 020207 software engineering, 0102 computer and information sciences, 02 engineering and technology, computer.file_format, Mathematical proof, 01 natural sciences, Computational Theory and Mathematics, Fully automated, 010201 computation theory & mathematics, Artificial Intelligence, 0202 electrical engineering, electronic engineering, information engineering, State (computer science), Set theory, Executable, computer, Software

Abstract

Almost 50 years ago, D. E. Bell and L. LaPadula published the first formal model of a secure system, known today as the Bell–LaPadula (BLP) model. BLP is described as a state machine by means of first-order logic and set theory. The authors also formalize two state invariants known as security condition and *-property. Bell and LaPadula prove that all the state transitions preserve these invariants. In this paper we present a fully automated proof of the security condition and the *-property for all the model operations. The model and the proofs are coded in the $$\{log\}$$ tool. As far as we know this is the first time such proofs are automated. Besides, we show that the $$\{log\}$$ model is also an executable prototype. Therefore we are providing an automatically verified executable prototype of BLP.

Published

2020

44. Modeling security properties of authentication of cryptographic protocols using spin formal verification

Author

L.K. Babenko and E.A. Perevyshina

Subjects

Security properties, Authentication, Computer science, business.industry, 0202 electrical engineering, electronic engineering, information engineering, 020207 software engineering, 02 engineering and technology, Cryptographic protocol, business, Formal verification, Computer network, Spin-½

Abstract

To assess the quality and security of cryptographic protocols, we use various formal verification tools, such as Scyther tool, Avispa, ProVerif. these formal verifiers can check the protocol for vulnerability to attacks on secrecy and authentication, as these are the most prevalent attacks on protocols. However, this is not enough to fully analyze the security of the protocol. In this article, we will use linear temporal logic (LTL) model checking with SPIN. This tool, unlike the formal verifiers listed above, is not designed for a specific application in the context of cryptographic protocols; however, it has a very wide range of possibilities. In particular, for each security property, it is possible to describe the behavior of an attacker and test for the stability of the protocol model to its various attacks. The purpose of this work is to describe the developed methodology for verifying the security of authentication properties using the SPIN verifier.

Published

2020

45. Computing Legacy Software Behavior to Understand Functionality and Security Properties: An IBM/370 Demonstration

Author

Ankrum, Scott [MITRE Corporation]

Published

2013

46. Lessons Learned: Analysis of PUF-based Authentication Protocols for IoT

Author

Karim Lounis and Mohammad Zulkernine

Subjects

Security properties, Authentication, Service (systems architecture), Computer Networks and Communications, business.industry, Computer science, Computer security, computer.software_genre, Computer Science Applications, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Hardware and Architecture, Data integrity, Authentication protocol, Research community, Confidentiality, Internet of Things, business, Safety Research, computer, Software, Information Systems

Abstract

The service of authentication constitutes the spine of all security properties. It is the phase where entities prove their identities to each other and generally establish and derive cryptographic keys to provide confidentiality, data integrity, non-repudiation, and availability. Due to the heterogeneity and the particular security requirements of IoT (Internet of Things), developing secure, low-cost, and lightweight authentication protocols has become a serious challenge. This has excited the research community to design and develop new authentication protocols that meet IoT requirements. An interesting hardware technology, called PUFs (Physical Unclonable Functions), has been the subject of many subsequent publications on lightweight, low-cost, and secure-by-design authentication protocols. This has turned our attention to investigate the most recent PUF-based authentication protocols for IoT. In this paper, we review the security of these protocols. We first provide the necessary background on PUFs, their types, and related attacks. Also, we discuss how PUFs are used for authentication. Then, we analyze the security of PUF-based authentication protocols to identify and report common security issues and design flaws, as well as to provide recommendations for future authentication protocol designers.

Published

2022

47. SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties

Author

Chinenye Okafor, Taylor R. Schorlemmer, Santiago Torres-Arias, and James C. Davis

Subjects

Software Supply Chain Attacks, Other Computer Engineering, Security Properties, Information Security, Collaborative Software Engineering, Software Engineering, Software Reuse

Abstract

This paper systematizes knowledge about secure software supply chain patterns. It identifies four stages of a software supply chain attack and proposes three security properties crucial for a secured supply chain: transparency, validity, and separation. The paper describes current security approaches and maps them to the proposed security properties, including research ideas and case studies of supply chains in practice. It discusses the strengths and weaknesses of current approaches relative to known attacks and details the various security frameworks put out to ensure the security of the software supply chain. Finally, the paper highlights potential gaps in actor and operation-centered supply chain security techniques.

Published

2022

48. Formal Analysis of Security Models for Mobile Devices, Virtualization Platforms, and Domain Name Systems

Author

Gustavo Betarte and Carlos Luna

Subjects

Formal modelling, Security properties, Coq proof assistant, JME-MIDP, Virtualization, Electronic computers. Computer science, QA75.5-76.95

Abstract

In this work we investigate the security of security-critical applications, i.e. applications in which a failure may produce consequences that are unacceptable. We consider three areas: mobile devices, virtualization platforms, and domain name systems. The Java Micro Edition platform defines the Mobile Information Device Profile (MIDP) to facilitate the development of applications for mobile devices, like cell phones and PDAs. We first study and compare formally several variants of the security model specified by MIDP to access sensitive resources of a mobile device. Hypervisors allow multiple guest operating systems to run on shared hardware, and offer a compelling means of improving the security and the flexibility of software systems. In this work we present a formalization of an idealized model of a hypervisor. We establish (formally) that the hypervisor ensures strong isolation properties between the different operating systems, and guarantees that requests from guest operating systems are eventually attended. We show also that virtualized platforms are transparent, i.e. a guest operating system cannot distinguish whether it executes alone or together with other guest operating systems on the platform. The Domain Name System Security Extensions (DNSSEC) is a suite of specifications that provides origin authentication and integrity assurance services for DNS data. We finally introduce a minimalistic specification of a DNSSEC model which provides the grounds needed to formally state and verify security properties concerning the chain of trust of the DNSSEC tree. We develop all our formalizations in the Calculus of Inductive Constructions —formal language that combines a higher-order logic and a richly-typed functional programming language— using the Coq proof assistant.

Published

2015

49. On the Verification of Opacity in Web Services and Their Composition.

Author

Bourouis, Amina, Klai, Kais, Hadj-Alouane, Nejib Ben, and Touati, Yamen El

Abstract

Web service (WS) providers need to restrain access to private information when cooperating with business partners. This need is translated in practice by an abstraction phase where inner data is withheld from public view. However, just like hiding encryption keys is not enough to prove the secrecy of information in a communication protocol, this procedure cannot prove the goal of secrecy is attained. Security related literature has turned in the past couple of decades to a new, formal, security property, i.e., opacity, to both hide and prove the privacy of secrets. Following our previous work on the use of the Symbolic Observation Graph (SOG), on one hand, to abstract and compose Web services, and to verify the opacity of systems on the other, we show in this paper how the verification of three different types of opacity in SOG-abstracted WSs is translated to the opacity of their composites. We hence establish that the SOG is a suitable abstraction that allows to check these opacity variants locally to each component of a composite WS, and preserves opacity by composition (i.e., each WS component is opaque iff the composite WS is). [ABSTRACT FROM PUBLISHER]

Published

2017

50. Leakage‐resilient message authentication code scheme based on hidden identity weak hash proof system.

Author

Wang, Bin

Abstract

Hazay et al. initiated the formal study of leakage‐resilient message authentication code (MAC) and presented a MAC scheme that is both leakage resilient and unforgeable against chosen message and no verification query attack (uf‐cm‐nvq). As the communication overhead of their construction is linear with the parameters that control the leakage bound, their scheme sacrifices efficiency in exchange for leakage resilience. In this study, the authors study the problem of designing leakage‐resilient MACs in the public‐key setting with acceptable communication efficiency. In particular, a notion called 'hidden identity weak hash proof system'(HID‐wHPS) is introduced. Then a generic MAC construction is presented under the abstraction framework of HID‐wHPS. Security properties guaranteed by HID‐wHPS enable us to prove the author's construction to be both leakage resilient and uf‐cm‐nvq in a modular way. Finally, performance analysis shows that their MAC construction yields improved tagging‐key size, tag size as well as computation overhead under the given leakage bound. [ABSTRACT FROM AUTHOR]

Published

2016