Dagdelen O., Center for Advanced Security Research Darmstadt | Fischlin M., TU Darmstadt
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2011
We analyze the Extended Access Control (EAC) protocol for authenticated key agreement, recently proposed by the German Federal Office for Information Security (BSI) for the deployment in machine readable travel documents. We show that EAC is secure in the Bellare-Rogaway model under the gap Diffie-Hellman (GDH) problem, and assuming random oracles. Furthermore, we discuss that the protocol achieves some of the properties guaranteed by the extended CK security model of LaMacchia, Lauter and Mityagin (ProvSec 2008). © 2011 Springer-Verlag.
Wohlgemuth S., Center for Advanced Security Research Darmstadt
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2014
One future challenge in informatics is the integration of humans in an infrastructure of data-centric IT services. A critical activity of this infrastructure is trustworthy information exchange to reduce threats due to misuse of (personal) information. Privacy by Design, as the present methodology for developing privacy-preserving and secure IT systems, aims to reduce security vulnerabilities already in the early requirement analysis phase of software development. Incident reports show, however, that not only an implementation of a model bears vulnerabilities, but also the gap between the rigorous view of the threat and security model on the world and the real view on a run-time environment with its dependencies. Dependencies threaten the reliability of information and, in the case of personal information, privacy as well. With the aim of improving security and privacy during run-time, this work proposes to extend Privacy by Design by adapting an IT system not only to inevitable security vulnerabilities but in particular to its users' view on an information exchange and its IT support with different, eventually opposite security interests. © IFIP International Federation for Information Processing 2014.
Weber S.G., Center for Advanced Security Research Darmstadt
Journal of Ambient Intelligence and Smart Environments | Year: 2012
The present paper summarizes the PhD thesis of Stefan G. Weber. © 2012 IOS Press and the authors. All rights reserved.
Muhlbach S., Center for Advanced Security Research Darmstadt | Koch A., TU Darmstadt
IEEE Journal on Selected Areas in Communications | Year: 2014
The security of computer systems and networks is severely threatened today by the combination of novel attack patterns and high traffic volumes. Together, this often exceeds the capabilities of purely software-based network security systems. As an alternative, hardware acceleration has been employed, e.g., for performing deep-packet inspection and pattern matching as well as general packet-header processing. While such implementations, capable of handling lower protocol layers, have been extensively studied in research and industry, their extension to higher communication layers has only rarely been addressed. Such capabilities, including the application level (OSI Layer 7), are the focus of this work. We present the NetStage platform, employing reconfigurable computing for high-throughput low-latency network processing, as well as associated development tools that allow networking domain experts to easily customize the system. As a use-case, we consider the realization of high-performance attack-resilient honeypots based on NetStage. To this end, we introduce the Malacoda language, its programming tools, and the generated target microarchitecture. We then evaluate the performance of Malacoda-generated vulnerability emulation handlers running on the NetStage platform. © 1983-2012 IEEE.
Aguilar Melchor C., University of Limoges | Cayrel P.-L., Center for Advanced Security Research Darmstadt | Gaborit P., University of Limoges | Laguillaumie F., University of Caen Lower Normandy
IEEE Transactions on Information Theory | Year: 2011
Ring signatures were introduced by Rivest, Shamir, and Tauman in 2001. These signatures allow a signer to anonymously authenticate a message on behalf of a group of his choice. This concept was then extended by Bresson, Stern, and Szydlo into t-out-of-N (threshold) ring signatures in 2002. We propose in this article a generalization of Stern's code-based identification (and signature) scheme to design a practical t-out-of-N threshold ring signature scheme. The size of the resulting signatures is in O(N) and does not depend on t, contrary to most of the existing protocols. Our scheme is existentially unforgeable under a chosen message attack in the random oracle model assuming the hardness of the minimum distance problem, is unconditionally source hiding, has a very short public key and has an overall complexity in O(N). This protocol is the first efficient code-based ring signature scheme and the first code-based threshold ring signature scheme. Moreover, it has a better complexity than number-theory based schemes, which have a complexity in O(Nt). This paper is an extended version of a paper published in the conference PQCrypto 2008, with complete proofs and definitions. © 2011 IEEE.