Secure Browser-Based Instant Messaging

Robison, Christopher Douglas

22 September 2012

Instant messaging is a popular form of communication over the Internet. Statistics show that instant messaging has overtaken email in popularity. Traditionally, instant messaging has consisted of a desktop client communicating with other clients via an instant messaging service provider. However, instant messaging solutions are starting to become available in the web browser–services like Google Talk, Live Messenger and Facebook. Despite the work done by researchers to secure instant messaging networks, little work has been done to secure instant messaging in the browser. We present secure browser-based instant messaging overlays as a means to enable convenient, secure communication in existing browser-based instant messaging interfaces. Additionally, we present a prototype implementation of the secure messaging overlays and the results of two user studies--the first study focusing on user interest in secure chat and the second being a usability study of the prototype.

secure instant messaging

secure chat

Facebook Chat

Private Facebook Chat

Computer Sciences

Secure Base Leadership: A Positive Theory of Leadership Incorporating Safety, Exploration and Positive Action

Coombe, Duncan David

06 July 2010

No description available.

Organizational Behavior

Secure Base Leadership

Secure Base

Attachment Theory

Love

Safety and Exploration

Design Techniques for Side-channel Resistant Embedded Software

Sinha, Ambuj Sudhir

25 August 2011

Side Channel Attacks (SCA) are a class of passive attacks on cryptosystems that exploit implementation characteristics of the system. Currently, a lot of research is focussed towards developing countermeasures to side channel attacks. In this thesis, we address two challenges that are an inherent part of the efficient implementation of SCA countermeasures. While designing a system, design choices made for enhancing the efficiency or performance of the system can also affect the side channel security of the system. The first challenge is that the effect of different design choices on the side channel resistance of a system is currently not well understood. It is important to understand these effects in order to develop systems that are both secure and efficient. A second problem with incorporating SCA countermeasures is the increased design complexity. It is often difficult and time consuming to integrate an SCA countermeasure in a larger system. In this thesis, we explore that above mentioned problems from the point of view of developing embedded software that is resistant to power based side channel attacks. Our first work is an evaluation of different software AES implementations, from the perspective of side channel resistance, that shows the effect of design choices on the security and performance of the implementation. Next we present work that identifies the problems that arise while designing software for a particular type of SCA resistant architecture - the Virtual Secure Circuit. We provide a solution in terms of a methodology that can be used for developing software for such a system - and also demonstrate that this methodology can be conveniently automated - leading to swifter and easier software development for side channel resistant designs. / Master of Science

Bitslice Cryptography

Side Channel Attacks

Virtual Secure Circuit

Secure Embedded Systems

Side-channel Countermeasures

Search over Encrypted Data in Cloud Computing

Wang, Bing

25 June 2016

Cloud computing which provides computation and storage resources in a pay-per-usage manner has emerged as the most popular computation model nowadays. Under the new paradigm, users are able to request computation resources dynamically in real-time to accommodate their workload requirements. The flexible resource allocation feature endows cloud computing services with the capability to offer affordable and efficient computation services. However, moving data and applications into the cloud exposes a privacy leakage risk of the user data. As the growing awareness of data privacy, more and more users begin to choose proactive protection for their data in the cloud through data encryption. One major problem of data encryption is that it hinders many necessary data utilization functions since most of the functions cannot be directly applied to the encrypted data. The problem could potentially jeopardize the popularity of the cloud computing, therefore, achieving efficient data utilization over encrypted data while preserving user data privacy is an important research problem in cloud computing. The focus of this dissertation is to design secure and efficient schemes to address essential data utilization functions over encrypted data in cloud computing. To this end, we studied three problems in this research area. The first problem that is studied in this dissertation is fuzzy multi-keyword search over encrypted data. As fuzzy search is one of the most useful and essential data utilization functions in our daily life, we propose a novel design that incorporates Bloom filter and Locality-Sensitive Hashing to fulfill the security and function requirements of the problem. Secondly, we propose a secure index which is based on the most popular index structure, i.e., the inverted index. Our innovative design provides privacy protection over the secure index, the user query as well as the search pattern and the search result. Also, users can verify the correctness of the search results to ensure the proper computation is performed by the cloud. Finally, we focus ourselves on the privacy-sensitive data application in cloud computing, i.e., genetic testings over DNA sequences. To provide secure and efficient genetic testings in the cloud, we utilize Predicate Encryption and design a bilinear pairing based secure sequence matching scheme to achieve strong privacy guarantee while fulfilling the functionality requirement efficiently. In all of the three research thrusts, we present thorough theoretical security analysis and extensive simulation studies to evaluate the performance of the proposed schemes. The results demonstrate that the proposed schemes can effectively and efficiently address the challenging problems in practice. / Ph. D.

Cloud Computing

Data Privacy

Searchable Encryption

Secure Pattern Matching

Secure Computation

Towards Secure Outsourced Data Services in the Public Cloud

Sun, Wenhai

25 July 2018

Past few years have witnessed a dramatic shift for IT infrastructures from a self-sustained model to a centralized and multi-tenant elastic computing paradigm -- Cloud Computing, which significantly reshapes the landscape of existing data utilization services. In truth, public cloud service providers (CSPs), e.g. Google, Amazon, offer us unprecedented benefits, such as ubiquitous and flexible access, considerable capital expenditure savings and on-demand resource allocation. Cloud has become the virtual ``brain" as well to support and propel many important applications and system designs, for example, artificial intelligence, Internet of Things, and so forth; on the flip side, security and privacy are among the primary concerns with the adoption of cloud-based data services in that the user loses control of her/his outsourced data. Encrypting the sensitive user information certainly ensures the confidentiality. However, encryption places an extra layer of ambiguity and its direct use may be at odds with the practical requirements and defeat the purpose of cloud computing technology. We believe that security in nature should not be in contravention of the cloud outsourcing model. Rather, it is expected to complement the current achievements to further fuel the wide adoption of the public cloud service. This, in turn, requires us not to decouple them from the very beginning of the system design. Drawing the successes and failures from both academia and industry, we attempt to answer the challenges of realizing efficient and useful secure data services in the public cloud. In particular, we pay attention to security and privacy in two essential functions of the cloud ``brain", i.e. data storage and processing. Our first work centers on the secure chunk-based deduplication of encrypted data for cloud backup and achieves the performance comparable to the plaintext cloud storage deduplication while effectively mitigating the information leakage from the low-entropy chunks. On the other hand, we comprehensively study the promising yet challenging issue of search over encrypted data in the cloud environment, which allows a user to delegate her/his search task to a CSP server that hosts a collection of encrypted files while still guaranteeing some measure of query privacy. In order to accomplish this grand vision, we explore both software-based secure computation research that often relies on cryptography and concentrates on algorithmic design and theoretical proof, and trusted execution solutions that depend on hardware-based isolation and trusted computing. Hopefully, through the lens of our efforts, insights could be furnished into future research in the related areas. / Ph. D.

Cloud Computing

Privacy-preserving Keyword Search

Verifiable Computation

Secure Genomic Computation

Secure Data Deduplication

Trusted Hardware

Patterns of safe collaboration

Spiessens, Fred

21 February 2007

When practicing secure programming, it is important to understand the restrictive influence programmed entities have on the propagation of authority in a program. To precisely model authority propagation in patterns of interacting entities, we present a new formalism Knowledge Behavior Models (KBM). To describe such patterns, we present a new domain specific declarative language SCOLL (Safe Collaboration Language), which semantics are expressed by means of KBMs. To calculate the solutions for the safety problems expressed in SCOLL, we have built SCOLLAR: a model checker and solver based on constraint logic programming. SCOLLAR not only indicates whether the safety requirements are guaranteed by the restricted behavior of the relied-upon entities, but also lists the different ways in which their behavior can be restricted to guarantee the safety properties without precluding their required functionality and (re-)usability. How the tool can help programmers to build reliable components that can safely interact with partially or completely untrusted components is shown in elaborate examples.

Capabilities

Secure programming language

Capability security

Formal model

Secure programming

Software security

Scoll

Secure software

Scollar

Safe collaboration language

Security

Knowledge behavior models

Capability based security

Secure multi-constrained QoS reliable routing algorithm for vehicular ad hoc networks (VANETs)

Hashem Eiza, Mahmoud

January 2014

Vehicular Ad hoc Networks (VANETs) are a particular form of wireless network made by vehicles communicating among themselves and with roadside base stations. A wide range of services has been developed for VANETs ranging from safety to infotainment applications. A key requirement for such services is that they are offered with Quality of Service (QoS) guarantees in terms of service reliability and availability. Furthermore, due to the openness of VANET’s wireless channels to both internal and external attacks, the application of security mechanisms is mandatory to protect the offered QoS guarantees. QoS routing plays an essential role in identifying routes that meet the QoS requirements of the offered service over VANETs. However, searching for feasible routes subject to multiple QoS constraints is in general an NP-hard problem. Moreover, routing reliability needs to be given special attention as communication links frequently break in VANETs. To date, most existing QoS routing algorithms are designed for stable networks without considering the security of the routing process. Therefore, they are not suitable for applications in VANETs. In this thesis, the above issues are addressed firstly by developing a link reliability model based on the topological and mathematical properties of vehicular movements and velocities. Evolving graph theory is then utilised to model the VANET communication graph and integrate the developed link reliability model into it. Based on the resulting extended evolving graph model, the most reliable route in the network is picked. Secondly, the situational awareness model is applied to the developed reliable routing process because picking the most reliable route does not guarantee reliable transmission. Therefore, a situation-aware reliable multipath routing algorithm for VANETs is proposed. Thirdly, the Ant Colony Optimisation (ACO) technique is employed to propose an Ant-based multi-constrained QoS (AMCQ) routing algorithm for VANETs. AMCQ is designed to give significant advantages to the implementation of security mechanisms that are intended to protect the QoS routing process. Finally, a novel set of security procedures is proposed to defend the routing process against external and internal threats. Simulation results demonstrate that high levels of QoS can be still guaranteed by AMCQ even when the security procedures are applied.

388.3

Secure and Trusted Mobile Commerce System based on Virtual Currencies

Kounelis, Ioannis

January 2015

With the widespread usage of mobile devices and their applications, many areas of innovation have created a multitude of opportunities for mobile technologies to be deployed with very interesting effects. One such new area that emerged in the last few years is mobile commerce. It represents a system where various entities create real–life or digital assets, distribute information about them to interested consumers, execute transactions, accept various types of compensation methods, and finally deliver these assets; all of it in a secure and trusted manner, respecting users’ privacy. Since mobile devices are increasingly used for m-commerce, it is important to ensure that users’ data on such devices are kept secure. Mobile devices contain many of our personal and private data and information, since we nowadays use them for all kind of activities, both personal and professional. However, such data and information are not always treated in a secure and privacy friendly way. The goal of this thesis is to identify and provide solutions to security related problems found on mobile devices, such as communications, storage and mobile application design, and with the use of cryptocurrencies to combine the findings in the design of a secure mobile commerce system. As a result, this thesis describes a design and architecture of a secure e-commerce system, called eAgora, primarily exploiting mobile technology. The system is innovative as it treats digital goods, classified and called mobile commerce objects. Based on the attributes and anticipated use of such specific m–commerce objects, different security and privacy measures for each of them are needed and enforced. The goal was to design a system that deals with mobile commerce in a secure and privacy friendly way in all the lifecycle of the transactions. As users are mostly using mobile devices to connect to the proposed services, research first focused on mobile device security and privacy issues, such as insecure storage on the mobile device, insecure handling of user credentials and personal information, and insecure communications. Issues not only coming from the device itself but also from the nature of it; being mobile it is used in a different way that the classical desktop computers. Mobile devices are used in public, in an environment that cannot be controlled, and are interfacing a variety of networks that are not under the mobile device user’s control. Potential attackers’ interest was analysed in different mobile commerce scenarios in order to understand the needs for security enhancements. After having analyzed the possible threats, a methodology for mobile application development that would allow many common development errors to be avoided and security and privacy mechanisms to be considered by design was specified. Moreover, in order to provide secure storage and guard against active and passive intruder attacks, a secure Mobile Crypto Services Provider facility that allows storage of data on the UICC cards was designed and implemented. In order to secure communications, a secure e-mail application was designed and implemented. The application provides a user-friendly way to encrypt and sign e-mails, using the users’ already working e-mail accounts. The security functionality is completely transparent to users and ensures confidentiality and integrity of e-mail exchange. For the mobile commerce system, an architecture that enables exchange of m-commerce objects between different merchants, customers and retailers is proposed. Inthe architecture, policy enforcement and the feature to detect suspicious events that may be illegal and to cooperate with law enforcement was embedded. The newly defined technology of virtual currencies is used as a payment facilitator within the proposed architecture. Many of its innovative features are adopted but some are also extended, such as the secure use of the user wallet files, i.e. the files that link the user with the virtual currencies and enable payment transactions between customers and merchants. Although there is no distinction between different virtual currencies, Bitcoin is used as an example of a market valued trading currency to validate and evaluate the proposed secure e-commerce architecture and the findings have been applied on it. The thesis provides detailed use cases that demonstrate how the proposed architecture of eAgora functions in different complicated e-trading circumstances and how different security related mechanisms are used. The thesis concludes with the analysis of the research results and with proposed directions for future research and development works. / <p>QC 20150521</p>

security

secure e-mail

mobile commerce

uicc

crypto currency

Using Ambient Radio Environment to Support Practical Pervasive Computing

Varshavsky, Alexander

26 February 2009

Mobile applications can benefit from increased awareness of the device's context. Unfortunately, existing solutions for inferring context require special purpose sensors or beacons on the mobile devices or in the physical environment. This requirement significantly limits the deployment of these solutions. In this thesis, I argue that mobile devices can infer a substantial amount of their context by leveraging their existing wireless interfaces to monitor ambient radio sources, such as GSM cell towers or WiFi access points. I focus on two important problems in context-aware computing: localization of mobile devices and detecting proximity between mobile devices for authentication purposes. Specifically, I present an accurate localization system based on fingerprinting of GSM signals. I show that the key to more accurate GSM localization is the use of wide signal strength fingerprints that include readings from a large number of base stations. Next, I present a method that addresses the key drawback of fingerprint-based localization systems - the need to collect extensive measurements to train the system in every target environment. Finally, I show how radio environment sensing can be used to secure the communication of devices that come within close proximity. Removing the need for additional hardware on the mobile devices and in the physical environment renders the approach that I present amenable for widespread deployment.

mobile computing

localization

context-awareness

secure pairing

0984

Managing near field communication (NFC) payment applications through cloud computing

Pourghomi, Pardis

January 2014

The Near Field Communication (NFC) technology is a short-range radio communication channel which enables users to exchange data between devices. NFC provides a contactless technology for data transmission between smart phones, Personal Computers (PCs), Personal Digital Assistants (PDAs) and such devices. It enables the mobile phone to act as identification and a credit card for customers. However, the NFC chip can act as a reader as well as a card, and also be used to design symmetric protocols. Having several parties involved in NFC ecosystem and not having a common standard affects the security of this technology where all the parties are claiming to have access to client’s information (e.g. bank account details). The dynamic relationships of the parties in an NFC transaction process make them partners in a way that sometimes they share their access permissions on the applications that are running in the service environment. These parties can only access their part of involvement as they are not fully aware of each other’s rights and access permissions. The lack of knowledge between involved parties makes the management and ownership of the NFC ecosystem very puzzling. To solve this issue, a security module that is called Secure Element (SE) is designed to be the base of the security for NFC. However, there are still some security issues with SE personalization, management, ownership and architecture that can be exploitable by attackers and delay the adaption of NFC payment technology. Reorganizing and describing what is required for the success of this technology have motivated us to extend the current NFC ecosystem models to accelerate the development of this business area. One of the technologies that can be used to ensure secure NFC transactions is cloud computing which offers wide range advantages compared to the use of SE as a single entity in an NFC enabled mobile phone. We believe cloud computing can solve many issues in regards to NFC application management. Therefore, in the first contribution of part of this thesis we propose a new payment model called “NFC Cloud Wallet". This model demonstrates a reliable structure of an NFC ecosystem which satisfies the requirements of an NFC payment during the development process in a systematic, manageable, and effective way.

004.1675