• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 37
  • 8
  • 6
  • 5
  • 3
  • 3
  • 1
  • 1
  • 1
  • 1
  • Tagged with
  • 69
  • 69
  • 69
  • 44
  • 44
  • 21
  • 17
  • 17
  • 16
  • 15
  • 15
  • 14
  • 14
  • 11
  • 11
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
11

Efficient asynchronous accumulators for distributed PKI

Yakoubov, Sophia 12 February 2016 (has links)
Cryptographic accumulators are a tool for compact set representation and secure set membership proofs. When an element is added to a set by means of an accumulator, a membership witness is generated. This witness can later be used to prove the membership of the element. Typically, the membership witness has to be synchronized with the accumulator value, and to be updated every time another element is added to the accumulator. In this work we propose an accumulator that, unlike any prior scheme, does not require strict synchronization. In our construction a membership witness needs to be updated only a logarithmic number of times in the number of subsequent element additions. Thus, an out-of-date witness can be easily made current. Vice versa, a verifier with an out-of-date accumulator value can still verify a current membership witness. These properties make our accumulator construction uniquely suited for use in distributed applications, such as blockchain-based public key infrastructures.
12

Improving Privacy With Intelligent Cooperative Caching In Vehicular Ad Hoc Networks

Unknown Date (has links)
With the issuance of the Notice of Proposed Rule Making (NPRM) for Vehicle to Vehicle (V2V) communications by the United States National Highway Tra c Safety Administration (NHTSA), the goal of the widespread deployment of vehicular networking has taken a signi cant step towards becoming a reality. In order for consumers to accept the technology, it is expected that reasonable mechanisms will be in place to protect their privacy. Cooperative Caching has been proposed as an approach that can be used to improve privacy by distributing data items throughout the mobile network as they are requested. With this approach, vehicles rst attempt to retrieve data items from the mobile network, alleviating the need to send all requests to a centralized location that may be vulnerable to an attack. However, with this approach, a requesting vehicle may expose itself to many unknown vehicles as part of the cache discovery process. In this work we present a Public Key Infrastructure (PKI) based Cooperative Caching system that utilizes a genetic algorithm to selectively choose members of the mobile network to query for data items with a focus on improving overall privacy. The privacy improvement is achieved by avoiding those members that present a greater risk of exposing information related to the request and choosing members that have a greater potential of having the needed data item. An Agent Based Model is utilized to baseline the privacy concerns when using a broadcast based approach to cache discovery. In addition, an epidemiology inspired mathematical model is presented to illustrate the impact of reducing the number of vehicles queried during cache discovery. Periodic reports from neighboring vehicles are used by the genetic algorithm to identify which neighbors should be queried during cache discovery. In order for the system to be realistic, vehicles must trust the information in these reports. A PKI based approach used to evaluate the trustworthiness of each vehicle in the system is also detailed. We have conducted an in-depth performance study of our system that demonstrates a signi cant reduction in the overall risk of exposure when compared to broadcasting the request to all neighbors. / Includes bibliography. / Dissertation (Ph.D.)--Florida Atlantic University, 2017. / FAU Electronic Theses and Dissertations Collection
13

Design and Implementation of Key Exchange Mechanisms for Software Artifacts using Ocean Protocol.

Myadam, Nishkal Gupta, Patnam, Bhavith January 2020 (has links)
During the modern times, innovators and researchers developed a key technology known as Artificial Intelligence (AI) Marketplace which leverages the power of AI to efficiently utilize the data generated by millions of devices to create new and better services and software products. H2020 Bonseyes is one such project that provides us a collaborative cloud based model of the AI marketplace for the users who generally don’t have access to large data sets, algorithms etc by allowing them to collaborate which each other and exchange the software artifacts. Collaboration leads to issues related to authentication and authorization which are addressed by Public Key In- frastructure(PKI).The main component of the PKI is the Certificate Authority which acts a anchor of trust, whose architecture is designed to be centralized. Centralized architecture is prone to many attacks and also failures which makes it vulnerable and weak.The adverse effects of the CA based PKI can be avoided by implementing a distributed PKI.This thesis focuses on a hybrid methodology consisting of Qualitative and Quanti- tative analysis by performing a literature review for accumulating knowledge from the Ocean Protocol which is a decentralized AI marketplace.The thesis aims to design and implement the framework used in the ocean protocol and evaluate its performance.The thesis also aims to develop a reference framework to be compatible with the Bonseyes Project. Moreover, our research also provides the reader with the concepts and technologies used in other implementations of distributed PKI.
14

Design systems in the Public Key Infrastructure area : Usability, ethics, and impact

Lucchetta, Jessica January 2022 (has links)
This research was conducted in the field of public key infrastructures (PKI). This sector is highly confidential and deals with managing security through encryption. The products in this area are technical: the user interface and user experience aspects are not prioritized and they are usually ignored or downplayed. Neglecting these aspects can lead to different ethical risks not only to the company but also to its customers. In the field of public key infrastructures, design is, therefore, a matter of ethical concern. The purpose of this research is to analyse what are the ethical risks and principles that should be taken into consideration when creating a design system for public key infrastructure products. To find an answer, the study was divided into 3 phases. A preliminary analysis was carried out to identify possible ethical principles, subsequently, two rounds of interviews were conducted with 8 employees of a leading PKI company. The scope of the interviews was to establish the relevance of these principles and identify the associated risks. The results suggest that the design system should take into account 6 ethical principles: transparency, inclusiveness and accessibility, autonomy, security and privacy, accountability and resilience. The principle of transparency can be applied to the design system through a clear user interface and simpler workflows while inclusiveness and accessibility can be tackled by considering even non-technical audits and people with disabilities during the design process. To make the user more autonomous, it is important to act on the workflow in order to reduce the use of external documentation and the possibility of managing automation in a simple way. Security and privacy are the foundations of PKI products and therefore user interface and experience should not in any way limit these principles, but rather facilitate the procedures necessary to make products safe. The tracking of the users’ actions is crucial in this field, however, the design should make the review of the activities easy and clearly convey the concept to tracked users. Finally, resilience can find application in the design, even if partially, and try to block malicious product uses. / Denna forskning utfördes inom området för public key infrastructures (PKI). Denna sektor är mycket konfidentiell och har att göra med hanteringen av säkerhet genom kryptering. Produkterna inom detta område är tekniska: användargränssnittet och användarupplevelseaspekterna prioriteras inte och de ignoreras eller förringas vanligtvis. Att se bort från dessa aspekter kan leda till olika etiska risker inte bara för företaget utan även för dess kunder. Inom området för public key infrastructure är design därför en fråga av etisk angelägenhet. Syftet med denna forskning är att analysera vilka etiska risker och principer som bör beaktas när man skapar ett designsystem för public key infrastructure. För att hitta ett svar delades studien upp i 3 faser. En preliminär analys genomfördes för att identifiera möjliga etiska principer, därefter genomfördes två omgångar av intervjuer med 8 anställda på ett ledande PKI-företag. Intervjuernas omfattning var att fastställa relevansen av dessa principer och identifiera de associerade riskerna. Resultaten tyder på att designsystemet bör ta hänsyn till 6 etiska principer: transparens, inkludering och tillgänglighet, autonomi, säkerhet och integritet, ansvarighet och motståndskraft. Principen om transparens kan appliceras på designsystemet genom ett tydligt användargränssnitt och enklare arbetsflöden samtidigt som inkludering och tillgänglighet kan hanteras genom att beakta även icke-tekniska revisioner och personer med funktionshinder under designprocessen. För att göra användaren mer självständig är det viktigt att vara verksam på arbetsflödet för att minska användningen av extern dokumentation och möjligheten att hantera automatisering på ett enkelt sätt. Säkerhet och integritet är grunden för PKI-produkter och därför bör användargränssnitt och erfarenhet inte på något sätt begränsa dessa principer, utan snarare underlätta de procedurer som krävs för att göra produkter säkra. Spårningen av användarnas handlingar är avgörande inom detta område, dock bör designen göra granskningen av aktiviteterna enkel och tydligt förmedla konceptet till spårade användare. Slutligen kan resistens hitta tillämpning i designen, även om den enbart är partiell, och försöka blockera skadlig produktanvändning.
15

Accountable Security Architectures for Protecting Telemetry Data

Kalibjian, Jeffrey R. 10 1900 (has links)
International Telemetering Conference Proceedings / October 22-25, 2001 / Riviera Hotel and Convention Center, Las Vegas, Nevada / Today there are many security solutions available which can facilitate both protection and sharing of telemetry data. While the technologies behind these solutions are maturing [1] [2] [3], most products lack a consistent and coherent paradigm for enforcing who is able to access the secured data, what is done with it, and insuring it can be recovered if the person who secured it is disabled.
16

Installation, configuration and operational testing of a PKI certificate server and its supporting services

Kelly, Amanda M., Ambers, Vanessa P. 06 1900 (has links)
Approved for public release; distribution is unlimited / Public key infrastructure (PKI) was created to provide the basic services of confidentiality, authenticity, integrity and non-repudiation for sensitive information that may traverse public (un-trusted) networks. This thesis provides a brief description of the background and functional components of a PKI, and then "builds" a PKI to be used for research at the Naval Postgraduate School (NPS). Deficiencies of this PKI with respect to DoD PKI policy are delineated. The thesis addresses details of software selection, installation, configuration and operation; using Netscape's Certificate Management System as its Certificate Authority application of choice. The functionality of this PKI was validated by testing all major certificate lifecycle events (creation, archival, revocation, validation, etc.) All but two of these tests were successful-key escrow and revocation checking-and thus these two remain to be addressed by further work to make the NPS PKI fully functional. / First Lieutenant, United States Air Force / Lieutenant Commander, United States Navy
17

Signatures électroniques avancées : modélisation de la validation à long terme et sécurité des autorités de certification / Advanced electronic signatures : modeling long-term validation and the security of certification authorities

Ben Mbarka, Moez 06 April 2011 (has links)
Il est nécessaire qu'une signature électronique garde ses propriétés de sécurité durant sa période archivage légale. La première partie de ce mémoire adresse cette problématique en formalisant la validation de signature à long terme. On utilise notre modèle pour définir la sémantique d'une règle de résolution de litige et pour formaliser plusieurs notions tels que la preuve de jugement, son expiration et son renouvellement. La révocation est l'un des principaux aspects formalisés par le modèle. La gestion de la révocation est particulièrement critique pour une Autorité de Certification. Dans un premier temps, on investigue différent niveaux de compromission et de révocations. Ensuite, on adresse la sécurité de l'application de signature de certificats. On propose une solution qui permet au module cryptographique de l'AC de déléguer les vérifications sur les requêtes de signature de certificats, à un environnement moins sécurisé mais avec une puissance de calcul plus importante. / Nowadays digital signature schemes and infrastructures have time limitations. This situation is disturbing considering that there are many cases, such as government records, where the signatures are required to be kept valid for a long period of time. In this thesis, we address this issue by modeling signature validation in the scope of a dispute between a verifier and a signer. The model is accompanied with a formal calculus to formalize several important concepts in the scope of long-term validation, such as judgment proof, proof expiration and renewal. Certificate revocation is one of the main issues considered by the model. Revocation is particularly critical for a Certification Authority (CA). We investigate this issue in the scope of the revocation settings allowed in X.509 and we show that some settings permit efficient countermeasures to prevent the revocation of the CA. For the same objective, we investigate approaches allowing to combine hardware protection with fine-tuned control on the usage of the CA's key. We propose a general solution which allows the execution of the of CA's certification policies at a processor which runs in an insecure environment under the control of the CA's secure module.
18

Design and analysis of key establishment protocols

Unknown Date (has links)
Consider a scenario where a server S shares a symmetric key kU with each user U. Building on a 2-party solution of Bohli et al., we describe an authenticated 3-party key establishment which remains secure if a computational Bilinear Diffie Hellman problem is hard or the server is uncorrupted. If the BDH assumption holds during a protocol execution, but is invalidated later, entity authentication and integrity of the protocol are still guaranteed. Key establishment protocols based on hardness assumptions, such as discrete logarithm problem (DLP) and integer factorization problem (IFP) are vulnerable to quantum computer attacks, whereas the protocols based on other hardness assumptions, such as conjugacy search problem and decomposition search problem can resist such attacks. The existing protocols based on the hardness assumptions which can resist quantum computer attacks are only passively secure. Compilers are used to convert a passively secure protocol to an actively secure protoc ol. Compilers involve some tools such as, signature scheme and a collision-resistant hash function. If there are only passively secure protocols but not a signature scheme based on same assumption then the application of existing compilers requires the use of such tools based on different assumptions. But the introduction of new tools, based on different assumptions, makes the new actively secure protocol rely on more than one hardness assumptions. We offer an approach to derive an actively secure two-party protocol from a passively secure two-party protocol without introducing further hardness assumptions. This serves as a useful formal tool to transform any basic algebric method of public key cryptography to the real world applicaticable cryptographic scheme. In a recent preprint, Vivek et al. propose a compiler to transform a passively secure 3-party key establishment to a passively secure group key establishment. To achieve active security, they apply this compiler to Joux's / protoc ol and apply a construction by Katz and Yung, resulting in a 3-round group key establishment. In this reserach, we show how Joux's protocol can be extended to an actively secure group key establishment with two rounds. The resulting solution is in the standard model, builds on a bilinear Diffie-Hellman assumption and offers forward security as well as strong entity authentication. If strong entity authentication is not required, then one half of the participants does not have to send any message in the second round, which may be of interest for scenarios where communication efficiency is a main concern. / by Kashi Neupane. / Thesis (Ph.D.)--Florida Atlantic University, 2012. / Includes bibliography. / Electronic reproduction. Boca Raton, Fla., 2012. Mode of access: World Wide Web.
19

Análise de elementos jurídico-tecnológicos que compõem a assinatura digital certificada digitalmente pela Infra-estrutura da Chaves Públicas do Brasil (ICP-Brasil). / Analysis of legal-technological elements that compose the certifyd digital signature for the infrastructure of public keys of Brazil (ICP-Brasil).

Guelfi, Airton Roberto 22 March 2007 (has links)
Este trabalho faz uma análise crítica dos elementos jurídicos-tecnológicos de uma assinatura digital certificada digitalmente. O primeiro aspecto a ser abordado advém da verificação da competência para o desenvolvimento da atividade de certificação, em decorrência da natureza jurídica do certificado digital. Consoante se verificou, o certificado digital é o instrumento hábil a assegurar a autenticidade dos documentos eletrônicos por meio de uma assinatura digital. Dessa forma, equipara-se ao ato de reconhecimento de firma, atividade notarial desenvolvida pelos Cartórios Notariais, de acordo com a competência fixada no artigo 236 da Constituição da República Federativa do Brasil. Todavia, segundo regra presente na Medida Provisória 2.200-2/01, desde 2001 essa atividade vem sendo desenvolvida sob a competência do Governo Federal, através do Instituto Nacional de Tecnologia da Informação - ITI (Autoridade Certificadora Raiz da Infraestrutura de Chaves Públicas do Brasil. Como decorrência tem-se que a Medida Provisória 2.200-2/01 é inconstitucional, uma vez que não respeita regra de competência material fixada pela Constituição da República Federativa do Brasil para o desenvolvimento da atividade notarial. Sob um prisma tecnológico, têm-se que a ICP-Brasil, por meio de seu Comitê Gestor, fixa expressamente qual a tecnologia que deve ser empregada para a produção das assinaturas digitais. Neste caminho, até maio de 2006, entre outros, foi indicado o algoritmo criptográfico de função hash MD5 para a geração das assinaturas digitais com autenticidade e integridade garantidas por lei. Todavia, o MD5 perdeu sua utilidade em 2004, quando foi quebrado, ocasionando a possibilidade de fraudes, inclusive a geração de documentos eletrônicos forjados. Sem dúvida, a legislação brasileira vinha assegurando validade jurídica e força probante a documentos eletrônicos assinados com algoritmo criptográfico de função hash MD5 que poderiam ter sido forjados. Para que o documento eletrônico assinado digitalmente possa ser amplamente utilizado em relações sociais é preciso que regras jurídicas e tecnológicas sejam respeitadas, sob pena de se criar uma enorme insegurança social. / This work presents a critical analysis of the technology and law aspects of certified digital signatures, and their implementation in Brazil. We discuss and verify the competency rules that apply to the certification activity according to the legal nature of the digital certificate. A digital certificate is the instrument that secures the authenticity of an electronic document by means of a digital signature. According to the article 236 of the Brazilian Constitution, authenticity certifications are of exclusive competence of public notaries. Nevertheless, based on an under constitutional statute, digital certification has being conducted by the Federal Government thru its National Institute of Information Technology (Instituto Nacional de Tecnologia da Informação - ITI), who is responsible for the Brazilian public key root certification authority. We found that the statute that supports those activities (Medida Provisória 2.200-2/01) is unconstitutional, and therefore invalid and unenforceable, since it does not satisfy constitutional rules of material competency. Under a technology view, we find that the Managing Committee of the Brazilian Public Key Infrastructure explicitly defines the technology to be used in digital signatures. According to that ruling, until may 2006, among others, the MD5 hashing algorithm was used to generate digital signatures with statutory presumption of authenticity and integrity. Nevertheless, MD5 lost its technical usefulness in 2004, when it was broken, and became prone to fraud such as the generation of forged electronic documents. There is no doubt that Brazilian legislation gave legal value and probatory force to electronic documents signed using the already broken MD5 hashing algorithm that could very well had been forged. Digitally signed electronic documents can only be successfully used if legal rules and the technological aspects be fully understood and respected. Otherwise, the result will be high levels of uncertainty in law relations.
20

Message authentication in an identity-based encryption scheme: 1-Key-Encrypt-Then-MAC

Unknown Date (has links)
We present an Identity-Based Encryption scheme, 1-Key-Encrypt-Then-MAC, in which we are able to verify the authenticity of messages using a MAC. We accomplish this authentication by combining an Identity-Based Encryption scheme given by Boneh and Franklin, with an Identity-Based Non-Interactive Key Distribution given by Paterson and Srinivasan, and attaching a MAC. We prove the scheme is chosen plaintext secure and chosen ciphertext secure, and the MAC is existentially unforgeable. / by Brittanney Jaclyn Amento. / Thesis (M.S.)--Florida Atlantic University, 2010. / Includes bibliography. / Electronic reproduction. Boca Raton, Fla., 2010. Mode of access: World Wide Web.

Page generated in 0.0899 seconds