Liu Duan-yang,Pan Xue-zeng,Ping Ling-di

DOI: https://doi.org/10.1631/jzus.2003.0555

2003-01-01

Abstract:Distributed certification via threshold cryptography is much more secure than other ways to protect certification authority (CA)'s private key, and can tolerate some intrusions. As the original system such as ITTC, etc., is unsafe, inefficient and impracitcal in actual network environment, this paper brings up a new distributed certification scheme, which although it generates key shares concentratively, it updates key shares distributedly, and so, avoids single-point failure like ITTC. It not only enhances robustness with Feldman verification and SSL protocol, but can also change the threshold (t, k) flexibly and robustly, and so, is much more practical. In this work, the authors implement the prototype system of the new scheme and test and analyze its performance.

Sarah Meiklejohn,Pavel Kalinnikov,Cindy S. Lin,Martin Hutchinson,Gary Belvin,Mariana Raykova,Al Cutter

DOI: https://doi.org/10.48550/arXiv.2011.04551

2020-11-09

Cryptography and Security

Abstract:In recent years, there has been increasing recognition of the benefits of having services provide auditable logs of data, as demonstrated by the deployment of Certificate Transparency and the development of other transparency projects. Most proposed systems, however, rely on a gossip protocol by which users can be assured that they have the same view of the log, but the few gossip protocols that do exist today are not suited for near-term deployment. Furthermore, they assume the presence of global sets of auditors, who must be blindly trusted to correctly perform their roles, in order to achieve their stated transparency goals. In this paper, we address both of these issues by proposing a gossip protocol and a verifiable registry, Mog, in which users can perform their own auditing themselves. We prove the security of our protocols and demonstrate via experimental evaluations that they are performant in a variety of potential near-term deployments.

Vy-An Phan

DOI: https://doi.org/10.48550/arXiv.1905.09478

2019-05-13

Cryptography and Security

Abstract:Despite increasing advancements in today's information exchange infrastructure, the preservation of user data and privacy still remains a problem. Both insecure baselines and secure solutions leak user data. For example, Certificate Transparency (CT) promises significant security improvements to existing Public Key Infrastructure solutions that up-to-now have solely relied on the Certificate Authority hierarchy. CT provides a robust auditing layer and transparency solution to quickly detect such compromises, but introduces the requirement that client browsers interact with third-party servers when validating a site certificate. In the existing CT system, these requests leak information about each user's browsing habits to the hosting server. It is not a stretch to think that this valuable data could be collected and exploited, as corporations and governments have plenty of financial and political incentive to do so. In this project, we seek to address this problem by using an oblivious file sharing system with strong anonymity properties, to provide a more scalable, performant solution to privacy-preserving queries.

Quirin Scheitle,Oliver Gasser,Theodor Nolte,Johanna Amann,Lexi Brent,Georg Carle,Ralph Holz,Thomas C. Schmidt,Matthias Wählisch

DOI: https://doi.org/10.1145/3278532.3278562

2018-09-22

Abstract:In this paper, we analyze the evolution of Certificate Transparency (CT) over time and explore the implications of exposing certificate DNS names from the perspective of security and privacy. We find that certificates in CT logs have seen exponential growth. Website support for CT has also constantly increased, with now 33% of established connections supporting CT. With the increasing deployment of CT, there are also concerns of information leakage due to all certificates being visible in CT logs. To understand this threat, we introduce a CT honeypot and show that data from CT logs is being used to identify targets for scanning campaigns only minutes after certificate issuance. We present and evaluate a methodology to learn and validate new subdomains from the vast number of domains extracted from CT logged certificates.

Networking and Internet Architecture,Cryptography and Security

Nikita Korzhitskii,Matus Nemec,Niklas Carlsson

DOI: https://doi.org/10.48550/arXiv.2203.02280

2022-03-04

Abstract:The modern Internet is highly dependent on trust communicated via certificates. However, in some cases, certificates become untrusted, and it is necessary to revoke them. In practice, the problem of secure revocation is still open. Furthermore, the existing procedures do not leave a transparent and immutable revocation history. We propose and evaluate a new revocation transparency protocol that introduces postcertificates and utilizes the existing Certificate Transparency (CT) logs. The protocol is practical, has a low deployment cost, provides an immutable history of revocations, enables delegation, and helps to detect revocation-related misbehavior by certificate authorities (CAs). With this protocol, a holder of a postcertificate can bypass the issuing CA and autonomously initiate the revocation process via submission of the postcertificate to a CT log. The CAs are required to monitor CT logs and proceed with the revocation upon detection of a postcertificate. Revocation status delivery is performed independently and with an arbitrary status protocol. Postcertificates can increase the accountability of the CAs and empower the certificate owners by giving them additional control over the status of the certificates. We evaluate the protocol, measure log and monitor performance, and conclude that it is possible to provide revocation transparency using existing CT logs.

Cryptography and Security,Computers and Society,Networking and Internet Architecture

Chang Xu,Lvhan Zhang,Liehuang Zhu,Chuan Zhang,Xiaojiang Du,Mohsen Guizani,Kashif Sharif

DOI: https://doi.org/10.1016/j.future.2020.04.021

IF: 7.307

2020-01-01

Future Generation Computer Systems

Abstract:Information-Centric Networking (ICN) is a novel future network architecture which in contrast to IP-based networks relies on content and its name. It separates the physical location of data from the discovery and forwarding process and solely relies on the content itself. For the Internet of Thing (IoT) networks, stripping the location information may provide privacy, but this does not translate to operational privacy. Attackers can infer user behavior patterns through operational privacy, by eavesdropping on meaningful information. The content name and designed signature in ICN can associate content with the identity of the provider, even if the IP address is hidden. Although several research efforts focus on the privacy protection of ICN, they do not consider the privacy implications of data aggregation. Most existing privacy-preserving data aggregation protocols are designed for special operations, such as sum, average, variance, max or min, and they cannot support arbitrary aggregation operations in the ciphertexts domain. Besides, the need for trusted authority (TA) restricts the use of existing protocols in the real world. In this paper, we propose a practical and privacy-preserving data aggregation scheme that can compute arbitrary aggregation functions without a TA. On one hand, our scheme can ensure users’ anonymity and privacy protection, while on the other, the scheme is efficient in enabling participants to join or leave the system dynamically. Security analysis shows that the proposed scheme can achieve the desired security properties, while experimental results demonstrate its effectiveness and efficiency.

Murat Yasin Kubilay,Mehmet Sabir Kiraz,Haci Ali Mantar

DOI: https://doi.org/10.48550/arXiv.1806.03914

2018-10-01

Abstract:In conventional PKI, CAs are assumed to be fully trusted. However, in practice, CAs' absolute responsibility for providing trustworthiness caused major security and privacy issues. To prevent such issues, Google introduced the concept of Certificate Transparency (CT) in 2013. Later, several new PKI models (e.g., AKI, ARPKI, and DTKI) are proposed to reduce the level of trust to the CAs. However, all of these proposals are still vulnerable to split-world attacks if the adversary is capable of showing different views of the log to the targeted victims. In this paper, we propose a new PKI architecture with certificate transparency based on blockchain, what we called CertLedger, to eliminate the split-world attacks and to provide an ideal certificate/revocation transparency. All TLS certificates, their revocation status, entire revocation process, and trusted CA management are conducted in the CertLedger. CertLedger provides a unique, efficient, and trustworthy certificate validation process eliminating the conventional inadequate and incompatible certificate validation processes implemented by different software vendors. TLS clients in the CertLedger also do not require to make certificate validation and store the trusted CA certificates anymore. We analyze the security and performance of the CertLedger and provide a comparison with the previous proposals.

Cryptography and Security

Richeng Jin,Yufan Huang,Zhaoyang Zhang,Huaiyu Dai

DOI: https://doi.org/10.1109/tnse.2023.3247626

IF: 6.6

2023-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Recently, the privacy guarantees of information dissemination protocols have attracted increasing research interests, among which the gossip protocols assume vital importance in various information exchange applications. In this article, we study the privacy guarantees of gossip protocols in general networks in terms of differential privacy and prediction uncertainty. First, lower bounds of the differential privacy guarantees are derived for gossip protocols in general networks in both synchronous and asynchronous settings. The prediction uncertainty of the source node given a uniform prior is also determined. For the private gossip algorithm, the differential privacy and prediction uncertainty guarantees are derived in closed forms in the asynchronous setting. Moreover, considering that these two metrics may be restrictive in some scenarios, the relaxed variants are proposed. It is found that source anonymity is closely related to some key network structure parameters in the general network setting. Then, we investigate information spreading in wireless networks with unreliable communications, and quantify the tradeoff between differential privacy guarantees and information spreading efficiency. Finally, considering that the attacker may not be present at the beginning of the information dissemination process, the scenario of delayed monitoring is studied and the corresponding differential privacy guarantees are evaluated.

Dongsheng Peng,Weidong Liu,Chuang Lin,Zhen Chen,Jiaxing Song

DOI: https://doi.org/10.1109/LCN.2008.4664203

2008-01-01

Abstract:Many P2P applications necessitate statistics aggregate computation of certain information among all individual peers. In contrast to methods of constructing aggregation tree, centralized computing and flooding, gossip-based mechanism has the advantages of good robustness and moderate communication and computing costs. Most algorithms of this type perform aggregate computation recursively on successive time slots called rounds. They require rounds to be globally synchronous on all the nodes, which complicates the algorithm realization. To eliminate the requirement for global round synchronization, we propose a loosely synchronized algorithm to compute global statistic average based on random event triggering mechanism, and prove that the convergence time is O(logN)tau. We then propose a robust method to estimate the number of peers in the network based on this algorithm. Finally, a framework is proposed to generalize the computation of SUM, A VG, MAX, MEV, and CNT(N).

Mei Wang,Kun He,Jing Chen,Ruiying Du,Bingsheng Zhang,Zengpeng Li

DOI: https://doi.org/10.1016/j.future.2022.01.007

IF: 7.307

2022-01-01

Future Generation Computer Systems

Abstract:Privacy-preserving data aggregation is becoming a demanding necessity for many promising scenarios, e.g., health care analysis. Sensitive data are collected and aggregated in a privacy-preserving approach using current Internet of Things (IoT) technology, leading to immense challenge and consequent interest in developing secure computing algorithms for individual and organizational data. However, most existing solutions focus on specific evaluations (e.g., SUM), and they use heavy cryptographic techniques, which are far from practice for constrained IoT devices. The Trusted Execution Environment (TEE, implemented with Intel SGX) can assist in computing arbitrary functions and avoiding resource-consuming operations. Nevertheless, TEE is subject to several challenges because TEE is vulnerable to limited resource and even function violations, e.g., the attacker may bypass the boundary of TEE. In this paper, we propose a lightweight non-interactive privacy-preserving data aggregation scheme for resource-constrained devices, named PANDA, where TEE is introduced to bypass the trusted entities requirement and heavy overhead. Additionally, PANDA explores the certificate-aided function authorization to prevent leakage from unauthorized functions, and designs the public verifiable certificate management to detect the abnormal behaviors of the host to mitigate the external host compromise. We formalize PANDA with rigorous security analysis to indicate privacy protection against the compromised aggregator and analyst. The evaluation results show that PANDA has constant online communication cost and lightweight computation overhead for constrained devices, which is suitable for IoT applications.

Jiang Deng,Chunxiang Xu,Huai Wu,Liju Dong

DOI: https://doi.org/10.1002/cpe.3551

2016-01-01

Abstract:SummaryTo satisfy the applications in certificateless environment, many researchers have been investigating certificateless aggregate signature schemes. Several schemes that are independent with the aggregated numbers are proposed to reduce the computation overhead. In these schemes, the pairing computations that in verification procedure needs are a constant value. Recently, Hou et al. proposed an improved certificateless aggregate signature scheme. They demonstrated the scheme is provably secure in the random oracle model. However, we find that their scheme is insecure in their security model by giving a concrete attack. Then, we propose an improved certificateless signature scheme and use it to construct a new certificateless signature scheme with enhanced security and aggregation. Furthermore, we provide formal security proof of our new scheme. Compared with other four schemes, our enhanced protocol is more suitable for realistic applications. Copyright © 2015 John Wiley & Sons, Ltd.

M. Femminella,R. Francescangeli,G. Reali,H. Schulzrinne

DOI: https://doi.org/10.48550/arXiv.1406.7650

2014-06-30

Networking and Internet Architecture

Abstract:In this paper, we propose a new gossip-based signaling dissemination method for the Next Steps in Signaling protocol family. In more detail, we propose to extend the General Internet Signaling Transport (GIST) protocol, so as to leverage these new dissemination capabilities from all NSIS Signaling Layer Protocol applications using its transport capabilities. The new GIST extension consists of two main procedures: a bootstrap procedure, during which new GIST-enabled nodes discover each other, and a service dissemination procedure, which is used to effectively disseminate signaling messages within an Autonomous System. To this aim, we defined three dissemination models, bubble, balloon, and hose, so as to fulfill requirements of different network and/or service management scenarios. An experimental campaign carried out on the GENI testbed shows the effectiveness of the proposed solution.

Pouyan Fotouhi Tehrani,Raphael Hiesgen,Teresa Lübeck,Thomas C. Schmidt,Matthias Wählisch

DOI: https://doi.org/10.23919/TMA62044.2024.10559089

2024-07-02

Abstract:Integrity and trust on the web build on X.509 certificates. Misuse or misissuance of these certificates threaten the Web PKI security model, which led to the development of several guarding techniques. In this paper, we study the DNS/DNSSEC records CAA and TLSA as well as CT logs from the perspective of the certificates in use. Our measurements comprise 4 million popular domains, for which we explore the existence and consistency of the different extensions. Our findings indicate that CAA is almost exclusively deployed in the absence of DNSSEC, while DNSSEC protected service names tend to not use the DNS for guarding certificates. Even though mainly deployed in a formally correct way, CAA CA-strings tend to not selectively separate CAs, and numerous domains hold certificates beyond the CAA semantic. TLSA records are repeatedly poorly maintained and occasionally occur without DNSSEC.

Cryptography and Security,Networking and Internet Architecture

Ankit Kumar,Max von Hippel,Pete Manolios,Cristina Nita-Rotaru

2023-11-17

Abstract:GossipSub is a new peer-to-peer communication protocol designed to counter attacks from misbehaving peers by controlling what information is sent and to whom, via a score function computed by each peer that captures positive and negative behaviors of its neighbors. The score function depends on several parameters (weights, caps, thresholds) that can be configured by applications using GossipSub. The specification for GossipSub is written in English and its resilience to attacks from misbehaving peers is supported empirically by emulation testing using an implementation in Golang. In this work we take a foundational approach to understanding the resilience of GossipSub to attacks from misbehaving peers. We build the first formal model of GossipSub, using the ACL2s theorem prover. Our model is officially endorsed by the GossipSub developers. It can simulate GossipSub networks of arbitrary size and topology, with arbitrarily configured peers, and can be used to prove and disprove theorems about the protocol. We formalize fundamental security properties stating that the score function is fair, penalizes bad behavior, and rewards good behavior. We prove that the score function is always fair, but can be configured in ways that either penalize good behavior or ignore bad behavior. Using our model, we run GossipSub with the specific configurations for two popular real-world applications: the FileCoin and Eth2.0 blockchains. We show that all properties hold for FileCoin. However, given any Eth2.0 network (of any topology and size) with any number of potentially misbehaving peers, we can synthesize attacks where these peers are able to continuously misbehave by never forwarding topic messages, while maintaining positive scores so that they are never pruned from the network by GossipSub.

Cryptography and Security

Yun Tang,Nan Zhang,Yuanchun Shi,Shiqiang Yang,Yuzhuo Zhong

DOI: https://doi.org/10.1109/ICC.2007.287

2007-01-01

Abstract:The Internet has witnessed a rapid growth in deployment of gossip-based protocol in many multicast applications. In a typical gossip-based protocol, each node independently exchanges data with its neighbors, acting as dual roles of receiver and sender to facilitate scalability and resilience. However, most of previous work in this literature seldom considered cheating issue of end users, which is also very important in face of the fact that the mutual cooperation inherently determines overall system performance.In this paper, we mainly investigate the dishonest behaviors in decentralized gossip-based protocol through extensive experimental study. Our original contributions come in two-fold: In the first part of cheating study, we analytically discuss two typical cheating strategies, that is, intentionally increasing subscription requests and untruthfully calculating forwarding probability, and further evaluate their negative impacts. The results indicate that more attention should be paid on defending cheating behaviors in gossip-based protocol. In the second part of anti-cheating study, we propose a simple receiver-driven measurement mechanism, which evaluates individual forwarding traffic from the perspective of receivers and thus identifies cheating nodes with high incoming/outgoing ratio. The experiments under various conditions show that it performs quite well in case of serious cheating and achieves considerable performance in other cases.

Y. Rajkumar,S. V. N. Santhosh Kumar

DOI: https://doi.org/10.1007/s12083-024-01636-8

IF: 3.488

2024-02-23

Peer-to-Peer Networking and Applications

Abstract:Traffic data generated by the vehicles are often transported in a wide open wireless communication channel which poses several security and privacy vulnerabilities. In case of any malicious or illicit behavior exhibited by the vehicles, it is difficult to trace back the original identity. Hence message authentication and traceability plays a major role in achieving the stability of the network. To address the objectives of message authentication and traceability, a lightweight privacy preserving distributed certificate-less aggregate signature authentication technique has been proposed. The proposed work utilized pseudo-identity and partial private keys which are distributed to perform mutual authentication and key revocation in case of legal proceedings that incurs computations which are lightweight. Formal and informal security analysis has been provided to demonstrate the strength of the authentication scheme using random-oracle model. In this work, the experiment has been carried by utilizing MIRACL C + + cryptographic library and by OMNET + + Simulator. The proposed scheme performs mutual authentication using certificate-less scheme thereby reducing the computational cost of 2.0284 ms with a reduction in the verification delay around 90% when compared with the other existing authentication schemes.

computer science, information systems,telecommunications

Hu Xiong,Qianhong Wu,Zhong Chen

DOI: https://doi.org/10.1109/INCoS.2011.151

2011-01-01

Abstract:An aggregate signature scheme allows a public algorithm to aggregate n signatures of n distinct messages from n signers into a single signature. By validating the single resulting signature, one can be convinced that the messages have been endorsed by all the signers. Certificateless aggregate signatures allow the signers to authenticate messages without suffering from the complex certificate management in the traditional public key cryptography or the key escrow problem in identity-based cryptography. In this paper, we present a new efficient certificate less aggregate signature scheme. Compared with up-to-date certificate less aggregate signatures, our scheme is equipped with a number of attracting features: (1) it is shown to be secure under the standard computational Diffie-Hellman assumption in the random oracle model, (2) the security is proven in the strongest security model so far, (3) the signers do not need to be synchronized, and (4) its performance is comparable to the most efficient up-to-date schemes. These features are desirable in a mobile networking and computing environment where the storage/computation capacity of the end devices are limited, and due to the wireless connection and distributed feature, the computing devices are easy to be attacked and hard to be synchronized.

Bargav Jayaraman,Hannah Li,David Evans

DOI: https://doi.org/10.48550/arXiv.1706.03370

2017-10-10

Abstract:The security of TLS depends on trust in certificate authorities, and that trust stems from their ability to protect and control the use of a private signing key. The signing key is the key asset of a certificate authority (CA), and its value is based on trust in the corresponding public key which is primarily distributed by browser vendors. Compromise of a CA private key represents a single point-of-failure that could have disastrous consequences, so CAs go to great lengths to attempt to protect and control the use of their private keys. Nevertheless, keys are sometimes compromised and may be misused accidentally or intentionally by insiders. We propose splitting a CA's private key among multiple parties, and producing signatures using a generic secure multi-party computation protocol that never exposes the actual signing key. This could be used by a single CA to reduce the risk that its signing key would be compromised or misused. It could also enable new models for certificate generation, where multiple CAs would need to agree and cooperate before a new certificate can be generated, or even where certificate generation would require cooperation between a CA and the certificate recipient (subject). Although more efficient solutions are possible with custom protocols, we demonstrate the feasibility of implementing a decentralized CA using a generic two-party secure computation protocol with an evaluation of a prototype implementation that uses secure two-party computation to generate certificates signed using ECDSA on curve secp192k1.

Cryptography and Security

Qi Li,Mingwei Xu,Jianping Wu,Xinwen Zhang,Patrick P. C. Lee,Ke Xu

DOI: https://doi.org/10.1109/tifs.2011.2177822

IF: 7.231

2011-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The weak trust model in Border Gateway Protocol (BGP) introduces severe vulnerabilities for Internet routing including active malicious attacks and unintended misconfigurations. Although various secure BGP solutions have been proposed, the complexity of security enforcement and data-plane attacks still remain open problems. We propose TBGP, a trusted BGP scheme aiming to achieve high authenticity of Internet routing with a simple and lightweight attestation mechanism. TBGP introduces a set of route update and withdrawal rules that, if correctly enforced by each router, can guarantee the authenticity and integrity of route information that is announced to other routers in the Internet. To verify this enforcement, an attestation service running on each router provides interfaces for a neighboring router to challenge the integrity of its routing stack, enforced rules, and the attestation service itself. If this attestation succeeds, the neighboring router updates its routing table or announces the route to its neighbors, following the same rules. Thus, a router on a routing path only needs to verify one neighbor's routing status to ensure that the route information is valid. Through this, TBGP builds a transitive trust relationship among all routers on a routing path. We implement a prototype of TBGP to investigate its practicality. In our implementation, we use identity-based signature and trusted computing techniques to further reduce the complexity of security operations. Our security analysis and performance study shows that TBGP can achieve the security goals of BGP with significantly better convergence performance and lower computation overhead than existing secure BGP solutions.

Mohammad Khodaei,Panos Papadimitratos

DOI: https://doi.org/10.1145/3212480.3212481

2018-07-08

Abstract:In spite of progress in securing Vehicular Communication (VC) systems, there is no consensus on how to distribute Certificate Revocation Lists (CRLs). The main challenges lie exactly in (i) crafting an efficient and timely distribution of CRLs for numerous anonymous credentials, pseudonyms, (ii) maintaining strong privacy for vehicles prior to revocation events, even with honest-but-curious system entities, (iii) and catering to computation and communication constraints of on-board units with intermittent connectivity to the infrastructure. Relying on peers to distribute the CRLs is a double-edged sword: abusive peers could "pollute" the process, thus degrading the timely CRLs distribution. In this paper, we propose a vehicle-centric solution that addresses all these challenges and thus closes a gap in the literature. Our scheme radically reduces CRL distribution overhead: each vehicle receives CRLs corresponding only to its region of operation and its actual trip duration. Moreover, a "fingerprint" of CRL 'pieces' is attached to a subset of (verifiable) pseudonyms for fast CRL 'piece' validation (while mitigating resource depletion attacks abusing the CRL distribution). Our experimental evaluation shows that our scheme is efficient, scalable, dependable, and practical: with no more than 25 KB/s of traffic load, the latest CRL can be delivered to 95% of the vehicles in a region (50x50 KM) within 15s, i.e., more than 40 times faster than the state-of-the-art. Overall, our scheme is a comprehensive solution that complements standards and can catalyze the deployment of secure and privacy-protecting VC systems.

Cryptography and Security