Safety application systems in Vehicular Ad-hoc Networks (VANETs) require the dissemination of contextual information about the scale of neighbouring vehicles; therefore, ensuring security and privacy is of utmost importance. Vulnerabilities in the messages and in the system's infrastructure introduce the potential for attacks that lessen safety and weaken passengers' privacy. The purpose of short-lived anonymous identities, called "pseudo-identities", is to divide the trip into unlinkable short passages. Researchers have proposed changing pseudo-identities more frequently inside a pre-defined area, called a cryptographic mix-zone (CMIX), to ensure enhanced protection. According to ETSI ITS technical report recommendations, researchers must consider low-density scenarios to achieve unlinkability in a CMIX. Recently, Christian et al. proposed a chaff-based CMIX scheme that sends fake messages under low-density conditions to enhance vehicles' privacy and confuse ...
In this paper, we focus on an Internet voting protocol. Our protocol is similar to the Norwegian scheme, which was used in local elections in 2011. The primary focus of this paper is to prevent possible cooperation between the Ballot Box and the Receipt Generator in the Norwegian scheme. The other purpose of this research is to present an alternative solution to coercion, which is one of the most important problems in Internet voting. In our protocol, a voter can verify whether her vote is in the counting process.
Existing cloud storage systems obtain the data in plaintext form and perform conventional (server-side) deduplication. However, disclosing the data to the cloud can threaten the security and privacy of users, which is of utmost importance for real-world cloud storage. This can be solved by secure deduplication mechanisms, which enable the user to encrypt the data on the client side (or via an encryption-as-a-service module) before uploading it to the cloud storage. Conventional client-side encryption solutions unfortunately make deduplication more challenging, because two clients encrypting the same file under independently chosen keys produce unrelated ciphertexts. Privacy-preserving public auditing schemes, on the other hand, are also crucial because clients outsource their data to cloud providers and then permanently delete the data from their local storage. In this paper, we consider the problem of secure deduplication over encrypted data stored in the cloud while supporting a privacy-preserving public auditing mechanism. We show that existing ...
Conclusions: In this master's thesis, we started with an informal security protocol representation. We demonstrated the translation of protocols into Horn clauses by giving the well-known Otway-Rees protocol as an example. We also defined and formalized the semantics of the protocol for all participants. For the work presented in this thesis we assumed perfect encryption. We also assumed that the protocol is executed in the presence of an attacker that can listen, compute new messages from the messages it has already received, and send any message it can build. We formalized the abilities of the attacker and defined the attacker's view of a message. By comparing the views of messages, if a participant can distinguish the views it stops the protocol run; if it cannot distinguish the messages from each other, it replies to the previous message. Related work has been done in reference [5] for CAPSL (Common Authentication Protocol Specification Language), which is a high-level language for applying formal methods to the security analysis of cryptographic protocols. A protocol is specified in a form that can be used as the input format for any formal analysis
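The attacker model in the conclusions above (listen, compute new messages from received ones, send anything it can build, under perfect encryption) is the Dolev-Yao model, and the Horn-clause view of it is a small set of deduction rules over an `attacker(x)` predicate. The following is an added example, not the thesis's own code or Horn-clause encoding: it builds the four messages of an honest Otway-Rees run as terms, saturates the attacker's knowledge with the decomposition clauses, and checks with the composition clauses whether a target term is derivable. The term constructors and the two scenarios (honest run; run where B's long-term key has been compromised) are assumptions of this example.

```python
# Dolev-Yao attacker deduction over an Otway-Rees run, under perfect encryption.
# Terms are nested tuples: ("name", n), ("nonce", n), ("key", k),
# ("pair", t1, t2) and ("senc", m, k) for symmetric encryption of m under k.


def name(n):
    return ("name", n)


def nonce(n):
    return ("nonce", n)


def key(k):
    return ("key", k)


def pair(*terms):
    # Right-nested pairs: pair(a, b, c) == ("pair", a, ("pair", b, c)).
    if len(terms) == 1:
        return terms[0]
    return ("pair", terms[0], pair(*terms[1:]))


def senc(m, k):
    return ("senc", m, k)


def analyze(initial):
    """Saturate with the decomposition clauses until nothing new is learned:
         attacker((x, y))            -> attacker(x), attacker(y)
         attacker(senc(m, k)) & attacker(k) -> attacker(m)
    Perfect encryption: without k the attacker learns nothing about m."""
    known = set(initial)
    changed = True
    while changed:
        changed = False
        for t in list(known):
            if t[0] == "pair":
                for part in t[1:]:
                    if part not in known:
                        known.add(part)
                        changed = True
            elif t[0] == "senc" and t[2] in known and t[1] not in known:
                known.add(t[1])
                changed = True
    return frozenset(known)


def derivable(t, known):
    """Composition clauses, applied backwards from the target:
         attacker(x) & attacker(y) -> attacker((x, y))
         attacker(m) & attacker(k) -> attacker(senc(m, k))"""
    if t in known:
        return True
    if t[0] in ("pair", "senc"):
        return derivable(t[1], known) and derivable(t[2], known)
    return False


def otway_rees_run():
    """Messages of one honest Otway-Rees session (A, B, server S, run id M)."""
    A, B, S = name("A"), name("B"), name("S")
    M, Na, Nb = nonce("M"), nonce("Na"), nonce("Nb")
    Kas, Kbs, Kab = key("Kas"), key("Kbs"), key("Kab")
    msg1 = pair(M, A, B, senc(pair(Na, M, A, B), Kas))                  # A -> B
    msg2 = pair(M, A, B, senc(pair(Na, M, A, B), Kas),
                senc(pair(Nb, M, A, B), Kbs))                           # B -> S
    msg3 = pair(M, senc(pair(Na, Kab), Kas), senc(pair(Nb, Kab), Kbs))  # S -> B
    msg4 = pair(M, senc(pair(Na, Kab), Kas))                            # B -> A
    return [msg1, msg2, msg3, msg4], Kab


def attacker_knowledge(compromised=()):
    """Everything on the wire plus public names plus any leaked long-term keys."""
    msgs, _ = otway_rees_run()
    initial = set(msgs) | {name("A"), name("B"), name("S")} | set(compromised)
    return analyze(initial)


def learns_session_key(compromised=()):
    _, Kab = otway_rees_run()
    return derivable(Kab, attacker_knowledge(compromised))


def can_replay_first_message():
    # Replay needs no key: the ciphertext was observed, so the whole message is buildable.
    msgs, _ = otway_rees_run()
    return derivable(msgs[0], attacker_knowledge())


if __name__ == "__main__":
    print("Kab derivable, honest run:        ", learns_session_key())
    print("Kab derivable, Kbs compromised:   ", learns_session_key([key("Kbs")]))
    print("attacker can replay message 1:    ", can_replay_first_message())
```

This is the bounded-knowledge check only; a full Horn-clause analysis such as the one the thesis describes also lets the attacker feed composed messages back into the protocol rules, which is what uncovers the classic type-flaw attack on Otway-Rees.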
During the past decade, several misbehaving certificate authorities (CAs) have issued fraudulent TLS certificates, allowing man-in-the-middle (MITM) attacks that result in serious security incidents. In order to avoid such incidents, Yakubov et al. ((2018) A blockchain-based PKI management framework. NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, Taipei, Taiwan, April, pp. 16. IEEE) recently proposed a new public key infrastructure (PKI) architecture where CAs issue, revoke and validate X.509 certificates on a public blockchain. However, in their proposal TLS clients remain subject to MITM attacks, and certificate transparency is not fully provided. In this paper, we eliminate the issues of Yakubov et al.'s scheme and propose a new PKI architecture based on a permissioned blockchain with a PBFT consensus mechanism, where the consensus nodes use a dynamic threshold signature scheme to generate signed blocks. In this way, the trust to the inte...
Blockchain offers unprecedented opportunities for innovation in financial transactions. A whole new world of opportunities for banking, lending, insurance, money transfer, investments, and stock markets awaits. However, the potential for wide-scale adoption of blockchain is hindered by cybersecurity and privacy issues. We provide an overview of the risks and security requirements and give an outlook for future research that could be helpful in solving some of the challenges. We also present an approach for policy specification and verification of financial transactions based on smart contracts.
Bilinear maps are popular cryptographic primitives which have been commonly used in various modern cryptographic protocols. However, the cost of computing bilinear maps is high because they are realized using variants of the Weil and Tate pairings on elliptic curves. Due to the increasing availability of cloud computing services, devices with limited computational resources can outsource this heavy computation to more powerful external servers. Currently, the checkability probability of the most efficient outsourcing algorithm is 1/2, and the overall computation requires 4 point additions in the preimage and 3 multiplications in the image of the bilinear map under the one-malicious version of the two-untrusted-program model. In this paper, we propose two efficient new algorithms which decrease not only the memory requirement but also the overall communication overhead.
After the Estonian Parliamentary Elections held in 2011, an additional verification mechanism was integrated into the i-voting system in order to resist corrupted voting devices, including the so-called Student's Attack, in which a student showed in practice that the voting system is indeed not verifiable by developing several versions of malware capable of blocking or even changing the vote. This mechanism gives voters the opportunity to verify whether the vote they cast is stored correctly in the central system. However, the verification phase ends by displaying the cast vote in plain form on the verification device. In other words, the device on which the verification is done learns the voter's choice. In this work, our aim is to investigate this verification phase in detail and to point out that leaking the voter's choice to the verification application may harm voter privacy. Additionally, when applied on a wide scale, this would even compromise the fairness and the...