931 resultados para RSA public-key cryptography
Resumo:
In this work we present a novel security architecture for MANETs that merges the clustering and the threshold key management techniques. The proposed distributed authentication architecture reacts with the frequently changing topology of the network and enhances the process of assigning the node's public key. In the proposed architecture, the overall network is divided into clusters where the clusterheads (CH) are connected by virtual networks and share the private key of the Central Authority (CA) using Lagrange interpolation. Experimental results show that the proposed architecture reaches to almost 95.5% of all nodes within an ad-hoc network that are able to communicate securely, 9 times faster than other architectures, to attain the same results. Moreover, the solution is fully decentralized to operate in a large-scale mobile network.
Resumo:
Certificate verification in PKI is a complex and time consuming process. In the classical PKI methodology, in order to obtain a public key and to accept a certificate as valid, a verifier needs to extract a certificate path from the PKI and to verify the certificates on this path recursively. Levi proposed a nested certificate model vvith the aim to simplify and speed up certificate verification. Such a nested certificate-based PKI significantly improves certificate verification, but it also requires a large increase in the number of issued certificates, which makes this model impractical for real life deployment. In order to solve this drawback of nested PKI, while retaining its speed in certificate verification, we propose in this paper the innovative concept of a compressed nested certificate, which is a significantly modified version of the nested certificate model. Compressed nested certificate PKI deploys compressed nested certificates which speed up and simplify certificate verification while keeping certificate load to a minimum, thus providing implementers the option of integrating it into the existing PKI model or building it separately as an independent model.
Resumo:
Watermarking technique enables to hide an imperceptible watermark into a multimedia content for copyright protection. However, in most conventional watermarking schemes, the watermark is embedded solely by the seller, and both the seller and the buyer know the watermarked copy, which causes unsettled dispute at the phase of arbitration. To solve this problem, many watermarking protocols have been proposed using watermarking scheme in the encrypted domain. In this paper, we firstly discuss many security aspects in the encrypted domain, and then propose a new method of homomorphism conversion for probabilistic public key cryptosystem with homomorphic property. Based on our previous work, a new secure watermarking scheme for watermarking protocol is presented using a new embedding strategy in the encrypted domain. We employ an El Gamal variant cryptosystem with additive homomorphic property to reduce the computing overload of watermark embedding in the encrypted domain, and RA code to improve the robustness of the watermarked image against many moderate attacks after decryption. Security analysis and experiment demonstrate that the secure watermarking scheme is more suitable for implementing the existing watermarking protocols.
Resumo:
Certificate-based encryption was introduced in Eurocrypt’03 to solve the certificate management problem in public key encryption. Recently, this idea has been extended to certificate-based signatures. To date, several new schemes and security models of certificate-based signatures have been proposed. In this paper, we first introduce a new security model of certificate-based signatures. Our model is not only more elaborated when compared with the existing ones, but also defines several new types of adversaries in certificate-based signatures. We then investigate the relationship between certificate-based signatures and certificateless signatures, by proposing a generic construction of certificate-based signatures from certificateless signatures. Our generic construction is secure (in the random oracle model) under the security model defined in this paper, assuming the underlying certificateless signatures satisfying certain security notions.
Resumo:
Certificate-based encryption was introduced in Eurocrypt '03 to solve the certificate management problem in public key encryption. Recently, this idea was extended to certificate-based signatures. Several new schemes and security models of certificate-based signature by comparing it with digital signatures in other popular public key systems. We introduce a new security model of certificate-based signature, which defines several new types of adversaries against certificate-based signature, which defines several new types of adversaries against certificate-based signatures, along with the security model of certificate-based signatures against them. The new model is clearer and more elaborated compared with other existing ones. We then investigate the relationship between certificate-based signatures and certificate-less signatures, and propose a generic construction of certificate-based signatures and certificate less signatures, and propose a generic construction of certificate-based signatures. We prove that the generic construction is secure (in the random oracle model) against all types of adversaries defined in this paper, assuming the underlying certificateless signatures satisfying certain security notions. Based on our generic construction, we are able to construct new certificate-based signatures schemes, which are more effiecient in comparison with other schemes with similar security levels
Resumo:
In Asiacrypt 2003, the concept of universal designated verifier signature (UDVS) was introduced by Steinfeld, Bull, Wang and Pieprzyk. In the new paradigm, any signature holder (not necessarily the signer) can designate the publicly verifiable signature to any desired designated verifier (using the verifier’s public key), such that only the designated verifier can believe that the signature holder does have a valid publicly verifiable signature, and hence, believes that the signer has signed the message. Any other third party cannot believe this fact because this verifier can use his secret key to create a valid UDVS which is designated to himself. In ACNS 2005, Zhang, Furukawa and Imai proposed the first UDVS scheme without random oracles. In this paper, we give a security analysis to the scheme of Zhang et al. and propose a novel UDVS scheme without random oracles based on Waters’ signature scheme, and prove that our scheme is secure under the Gap Bilinear Diffie Hellman assumption
Resumo:
Certificate-based encryption (CBE) and certificateless encryption (CLE) are proposed to lessen the certificate management problem in a traditional public-key encryption setting. Although they are two different notions, CBE and CLE are closely related and possess several common features. The encryption in CBE and CLE does not require authenticity verification of the recipient's public key. The decryption in both notions requires two secrets that are generated by the third party and the public key owner, respectively. Recently a generic conversion from CLE to CBE was given, but unfortunately its security proof is flawed. This paper provides an elaborate security model of CBE, based on which a provably secure generic construction of CBE from CLE is proposed. A concrete instantiation is also presented to demonstrate the application of our generic construction.
Resumo:
© 2015 The Royal Australian and New Zealand College of Psychiatrists. Objectives: To provide guidance for the management of mood disorders, based on scientific evidence supplemented by expert clinical consensus and formulate recommendations to maximise clinical salience and utility. Methods: Articles and information sourced from search engines including PubMed and EMBASE, MEDLINE, PsycINFO and Google Scholar were supplemented by literature known to the mood disorders committee (MDC) (e.g., books, book chapters and government reports) and from published depression and bipolar disorder guidelines. Information was reviewed and discussed by members of the MDC and findings were then formulated into consensus-based recommendations and clinical guidance. The guidelines were subjected to rigorous successive consultation and external review involving: expert and clinical advisors, the public, key stakeholders, professional bodies and specialist groups with interest in mood disorders. Results: The Royal Australian and New Zealand College of Psychiatrists clinical practice guidelines for mood disorders (Mood Disorders CPG) provide up-to-date guidance and advice regarding the management of mood disorders that is informed by evidence and clinical experience. The Mood Disorders CPG is intended for clinical use by psychiatrists, psychologists, physicians and others with an interest in mental health care. Conclusions: The Mood Disorder CPG is the first Clinical Practice Guideline to address both depressive and bipolar disorders. It provides up-to-date recommendations and guidance within an evidence-based framework, supplemented by expert clinical consensus. Mood Disorders Committee: Professor Gin Malhi (Chair), Professor Darryl Bassett, Professor Philip Boyce, Professor Richard Bryant, Professor Paul Fitzgerald, Dr Kristina Fritz, Professor Malcolm Hopwood, Dr Bill Lyndon, Professor Roger Mulder, Professor Greg Murray, Professor Richard Porter and Associate Professor Ajeet Singh. International expert advisors: Professor Carlo Altamura, Dr Francesco Colom, Professor Mark George, Professor Guy Goodwin, Professor Roger McIntyre, Dr Roger Ng, Professor John O'Brien, Professor Harold Sackeim, Professor Jan Scott, Dr Nobuhiro Sugiyama, Professor Eduard Vieta, Professor Lakshmi Yatham. Australian and New Zealand expert advisors: Professor Marie-Paule Austin, Professor Michael Berk, Dr Yulisha Byrow, Professor Helen Christensen, Dr Nick De Felice, A/Professor Seetal Dodd, A/Professor Megan Galbally, Dr Josh Geffen, Professor Philip Hazell, A/Professor David Horgan, A/Professor Felice Jacka, Professor Gordon Johnson, Professor Anthony Jorm, Dr Jon-Paul Khoo, Professor Jayashri Kulkarni, Dr Cameron Lacey, Dr Noeline Latt, Professor Florence Levy, A/Professor Andrew Lewis, Professor Colleen Loo, Dr Thomas Mayze, Dr Linton Meagher, Professor Philip Mitchell, Professor Daniel O'Connor, Dr Nick O'Connor, Dr Tim Outhred, Dr Mark Rowe, Dr Narelle Shadbolt, Dr Martien Snellen, Professor John Tiller, Dr Bill Watkins, Dr Raymond Wu.
Resumo:
Data sharing has never been easier with the advances of cloud computing, and an accurate analysis on the shared data provides an array of benefits to both the society and individuals. Data sharing with a large number of participants must take into account several issues, including efficiency, data integrity and privacy of data owner. Ring signature is a promising candidate to construct an anonymous and authentic data sharing system. It allows a data owner to anonymously authenticate his data which can be put into the cloud for storage or analysis purpose. Yet the costly certificate verification in the traditional public key infrastructure (PKI) setting becomes a bottleneck for this solution to be scalable. Identity-based (ID-based) ring signature, which eliminates the process of certificate verification, can be used instead. In this paper, we further enhance the security of ID-based ring signature by providing forward security: If a secret key of any user has been compromised, all previous generated signatures that include this user still remain valid. This property is especially important to any large scale data sharing system, as it is impossible to ask all data owners to re-authenticate their data even if a secret key of one single user has been compromised. We provide a concrete and efficient instantiation of our scheme, prove its security and provide an implementation to show its practicality.
Resumo:
Nowadays due to the security vulnerability of distributed systems, it is needed mechanisms to guarantee the security requirements of distributed objects communications. Middleware Platforms component integration platforms provide security functions that typically offer services for auditing, for guarantee messages protection, authentication, and access control. In order to support these functions, middleware platforms use digital certificates that are provided and managed by external entities. However, most middleware platforms do not define requirements to get, to maintain, to validate and to delegate digital certificates. In addition, most digital certification systems use X.509 certificates that are complex and have a lot of attributes. In order to address these problems, this work proposes a digital certification generic service for middleware platforms. This service provides flexibility via the joint use of public key certificates, to implement the authentication function, and attributes certificates to the authorization function. It also supports delegation. Certificate based access control is transparent for objects. The proposed service defines the digital certificate format, the store and retrieval system, certificate validation and support for delegation. In order to validate the proposed architecture, this work presents the implementation of the digital certification service for the CORBA middleware platform and a case study that illustrates the service functionalities
Resumo:
Cryptographic systems are safe. However, the management of cryptographic keys of these systems is a tough task. They are usually protected by the use of password-based authentication mechanisms, which is a weak link on conventional cryptographic systems, as the passwords can be easily copied or stolen. The usage of a biometric approach for releasing the keys is an alternative to the password-based mechanisms. But just like passwords, we need mechanisms to keep the biometrical signal safe. One approach for such mechanism is to use biometrical key cryptography. The cryptographic systems based on the use of biometric characteristics as keys are called biometrical cryptographic systems. This article presents the implementation of Fuzzy Vault, a biometrical cryptographic system written in Java, along with its performance evaluation. Fuzzy Vault was tested on a real application using smartcards.
Resumo:
Pós-graduação em Ciências Sociais - FFC
Resumo:
La estrategia i2010 de la UE tiene como objetivo garantizar el liderazgo europeo en materia de TIC y poner los beneficios de la Sociedad de la Información al servicio de la economía, la sociedad y la calidad de vida personal, teniendo presente que los éxitos de Europa hasta la fecha se han basado en favorecer la competencia leal en los mercados de las telecomunicaciones y crear un mercado sin fronteras para contenidos y medios de comunicación digitales. En esta línea, la Comisión Europea ha establecido que los distintos estados miembros deben contribuir activamente al desarrollo y uso seguro de los servicios telemáticos entre sus ciudadanos. Más concretamente, atribuye a las Administraciones Públicas, tanto a nivel nacional, regional como local, un papel dinamizador de la Sociedad de la Información que les obliga a ofrecer paulatinamente todos los actos administrativos a los ciudadanos a través de Internet. Como primer paso para el uso seguro de los servicios telemáticos que ofrecen las instituciones públicas se hace preciso dotar a los ciudadanos de una identidad digital que les permita identificarse ante un Proveedor de Servicio o ante otros ciudadanos de manera inequívoca. Por esta razón, la mayoría de países europeos – y otros en el resto del mundo – están promoviendo, sistemas fiables de gestión de identidad electrónica (eIDM), de tal manera que los ciudadanos, las empresas y departamentos gubernamentales (incluso en Estados miembros diferentes) pueden identificar y certificar sus operaciones con precisión, rapidez y sencillez. Sin embargo, la gestión de esta identidad por las Administraciones Públicas supone un importante desafío, acentuado cuando se hace necesaria la interoperabilidad entre Administraciones de diferentes países, puesto que personas y entidades tienen credenciales de identificación diferentes en función de su propio marco jurídico nacional. Consciente del problema, en la Unión Europea se han puesto en marcha una serie de proyectos con el objetivo de conseguir la interoperabilidad de los eIDMs entre las instituciones públicas de diferentes Estados miembros. A pesar de ello, las soluciones adoptadas hasta la fecha son insuficientes porque no prevén todos los posibles casos de interacción del usuario con las instituciones. En concreto, no tienen en cuenta un aspecto muy importante que se ofrece en los distintos sistemas jurídicos nacionales, a saber, la delegación de la identidad, mediante la cual un ciudadano puede autorizar a otro para que actúe en su nombre para acceder a determinados servicios prestados por las instituciones públicas. En esta tesis se realizan un conjunto de aportaciones que dan solución a distintos aspectos de los problemas planteados y que, de forma conjunta, permiten la interoperabilidad y la delegación de identidad en determinados Sistemas de Gestión de Identidad aplicados al entorno de las Administraciones Públicas. En el caso de la delegación, se ha definido un sistema de delegación dinámica de identidad entre dos entidades genéricas que permite solucionar el problema del acceso delegado a los servicios telemáticos ofrecidos por las Administraciones Públicas. La solución propuesta se basa en la generación de un token de delegación, constituido a partir de un Certificado Proxy, que permite a la entidad que delega establecer la delegación de identidad en otra entidad en base a un subconjunto de sus atributos como delegador, estableciendo además, en el propio token de delegación, restricciones en el conjunto de servicios accesibles a la entidad delegada y el tiempo de validez de la delegación. Adicionalmente, se presentan los mecanismos necesarios tanto para poder revocar un token de delegación como para comprobar sin un token de delegación ha sido o no revocado. Para ello se propone una solución para la identificación unívoca de tokens de delegación y la creación de una nueva entidad denominada Autoridad de Revocación de Tokens de Delegación. Entre las características del sistema de delegación propuesto destaca el que es lo suficientemente seguro como para ser utilizado en el entorno de la Administración Pública, que no requiere el uso de mecanismos off‐line para la generación de la delegación y que se puede realizar la delegación de forma instantánea y sin la necesidad de trámites complejos o la participación de un elevado número de entidades. Adicionalmente, el token de delegación propuesto es perfectamente integrable en las infraestructura de clave pública actual lo que hace que, dado que gran parte de las Administraciones Públicas europeas basan sus sistemas de identidad digital en el uso de la PKI y certificados de identidad X.509, la solución pueda ser puesta en marcha en un entorno real sin necesidad de grandes cambios o modificaciones de comportamiento. En lo referente a la interoperabilidad, se realiza un análisis exhaustivo y la correspondiente evaluación de las principales propuestas de Sistemas de Gestión de Identidad orientados a conseguir la interoperabilidad realizadas hasta la fecha en el marco de la Unión Europea y se propone, a alto nivel, una arquitectura de interoperabilidad para la gestión de identidad en las Administraciones Públicas. Dicha arquitectura es lo suficientemente genérica como para poder ser aplicada tanto en el entorno pan‐Europeo como en los entornos nacionales, autonómicos y locales, de tal forma que la interoperabilidad en la gestión de la identidad esté garantizada en todos los niveles de la Administración Pública. Por último, mediante la integración de la solución de delegación dinámica de identidad y la arquitectura de interoperabilidad propuestas se presenta una solución al problema de la delegación en un escenario pan‐Europeo de gestión de identidad, dando lugar a una arquitectura global de interoperabilidad pan‐Europea con soporte a la delegación de identidad. SUMMARY The i2010 European Union Plan aims to ensure European leadership in ICT and to promote the positive contribution that information and communication technologies can make to the economic, social and personal quality of life, bearing in mind that, to date, success in Europe has been based on promoting fair competition in telecommunications markets and on creating a borderless market for contents and digital media. In this line, the European Commission has established that the different member states should contribute actively to the development and secure use of telematic services among their citizens. More specifically, it is attributed to national, regional and local Public Administrations to have a supportive role of the Information Society, requiring them to gradually provide the citizens with Internet‐based access to all administrative procedures acts. As a first step for the secure use of telematic services offered by public institutions, it is necessary to provide the citizens with a digital identity to enable them to identify themselves unequivocally to a Service Provider or to other citizens. For this reason, most European countries ‐ and others in the rest of the world ‐ are promoting reliable systems for managing electronic identity (eIDM), so that citizens, businesses and government departments (even in different Member States) can identify and certify their operations with precision, speed and simplicity. However, the identity management by Public Administrations is a major challenge that becomes more difficult when interoperability between administrations of different countries is needed, due to the fact that individuals and entities have different identification credentials according to their own national legal framework. Aware of the problem, the European Union has launched a series of projects with the aim of achieving interoperability of eIDMs between public institutions of different Member States. However, the solutions adopted to date are insufficient because they do not foresee all possible cases of user interaction with the institutions. In particular, solutions do not take into account a very important aspect that is offered in different national legal systems, namely, the delegation of identity, by which a citizen can authorize another to act on his/her behalf to access certain services provided by public institutions. In this thesis a collection of contributions that provide solution to different aspects of the aforementioned problems are carried out. The solutions, in global, enable interoperability and identity delegation in some of the Identity Management Systems applied to Public Administration environment. In the case of delegation, a dynamic identity delegation system between generic entities is defined. This system makes it possible to solve the problem of delegated access to telematic services offered by Public Administrations. The proposed solution is based on the generation of a piece of information called delegation token. This delegation token, derived from a Proxy Certificate, allows the establishment of identity delegation by an entity that delegates (delegator) in other entity (delegatee) making use of a subset of delegator attributes. It also establishes restrictions on services that can be used by the delegated entity and the expiry date of delegation. In addition to this, the mechanisms necessary to revoke and check the revocation status of a delegation token are presented. To do this, a solution to univocally identify delegation tokens and the creation of a completely new entity, called Token Delegation Revocation Authority, are proposed. The most remarkable characteristics of the proposed delegation system are its security, enough for it to be used in the Public Administration environment, the fact that it does not require off‐line processes in order to generate the delegation, and the possibility of performing the delegation instantaneously and without neither complex processes nor the intervention of a large number of entities. The proposed delegation token can be completely incorporated into current Public Key Infrastructure (PKI). Thus, since most of the European Public Administrations base their digital identity systems on PKI and X.509 identity certificates, the solution can be adopted in a real environment without great changes or performance modifications. Regarding interoperability, an exhaustive analysis and evaluation of most significant proposals on Identity Management Systems that aim to achieve interoperability carried out in the European Union framework until now are performed. A high level identity management interoperability architecture for Public Administrations is also proposed. This architecture is sufficiently generic to be applied to both pan‐European environment and national, regional or local environments, thus interoperability in identity management at all Public Administration levels is guaranteed. Finally, through the integration of the proposed dynamic identity delegation solution and the high level interoperability architecture, a solution to the problem of identity delegation in a pan‐European identity management environment is suggested, leading to a pan‐European global interoperability architecture with identity delegation support.
Resumo:
El presente proyecto propone la utilización de un protocolo de obtención y gestión de certificados llamado SCEP (Simple Certificate Enrollment Protocol), utilizado inicialmente para el aprovisionamiento automático de certificados en routers y switches de la marca Cisco Networks, para su uso en dispositivos personales o corporativos dentro del ámbito laboral. En la actualidad, se están aplicando nuevas técnicas más eficientes de control del uso de los dispositivos corporativos por parte de los empleados de determinadas empresas. Estas empresas son las encargadas de proporcionar a sus empleados dichos dispositivos, que en muchos casos son un ordenador personal y un teléfono móvil. En las empresas del sector de las TIC, el uso de esos dispositivos es la principal herramienta de sus empleados, con lo que la seguridad y control son mecanismos fundamentales que deben estar presentes y garantizados. Además, nuevas tendencias como el BYOD (Bring Your Own Device o el teletrabajo, permiten a los empleados tanto el uso de los dispositivos corporativos lejos del ámbito laboral (en su domicilio, por ejemplo), como el uso de dispositivos no preparados de antemano por la empresa. A priori, estas técnicas suponen un avance en comodidad para los empleados; pero puede significar todo lo contrario cuando se habla del mantenimiento de la seguridad y el control de acceso a los recursos de la empresa desde dichos dispositivos (obtención de certificados para acceder a recursos internos, envío de información cifrada entre individuos de la misma empresa, etc). Es aquí donde cobra sentido la idea de utilizar un protocolo de aprovisionamiento y gestión automatizada de certificados para garantizar la seguridad y control de acceso en la PKI (Public Key Infrastructure) corporativa, permitiendo el uso de dispositivos personales, y evitando la acumulación de trámites burocráticos incómodos tanto para el empleado como para la empresa. Este proyecto plantea la utilización del protocolo SCEP como mecanismo para la realización de la gestión automatizada de certificados ampliando su utilización a dispositivos de escritorio Windows y móviles Android.
