
2015 | Book

Secure IT Systems

20th Nordic Conference, NordSec 2015, Stockholm, Sweden, October 19–21, 2015, Proceedings

Edited by: Sonja Buchegger, Mads Dam

Publisher: Springer International Publishing

Book series: Lecture Notes in Computer Science


About this book

This book constitutes the proceedings of the 20th Nordic Conference on Secure IT Systems, held in Stockholm, Sweden, in October 2015.

The 11 full papers presented together with 5 short papers in this volume were carefully reviewed and selected from 38 submissions. They are organized in topical sections named: cyber-physical systems security, privacy, cryptography, trust and fraud, and network and software security.

Table of contents

Frontmatter

Cyber-Physical Systems Security

A Conceptual Nationwide Cyber Situational Awareness Framework for Critical Infrastructures
Abstract
Protection of critical infrastructures against cyber threats is perceived as an important aspect of national security by many countries. These perceptions have extended the technical and organizational aspects of cyber security domain. However, decision makers still suffer from the lack of appropriate decision support systems. This position paper presents a conceptual framework for a nationwide system that monitors the national critical infrastructures and provides cyber situational awareness knowledge to organizational and national level decision makers. A research agenda is proposed for the implementation of this framework.
Hayretdin Bahşi, Olaf Manuel Maennel
A Survey of Industrial Control System Testbeds
Abstract
Conducting security tests such as vulnerability discovery within Industrial Control Systems (ICS) helps reduce their vulnerability to cyber attacks. Unfortunately, the extreme availability requirements on ICS in operation make it difficult to conduct security tests in practice. For this reason, researchers and practitioners turn to testbeds that mimic real ICS. This study surveys ICS testbeds that have been proposed for scientific research. A total of 30 testbeds are identified. Most of these aim to facilitate vulnerability analysis, education and tests of defense mechanisms. Testbed components are typically implemented as simulation models. Testbed fidelity is rarely addressed, and at best briefly discussed.
Hannes Holm, Martin Karresand, Arne Vidström, Erik Westring
The Timed Decentralised Label Model
Abstract
By some estimates, the number of devices connected through the so-called Internet of Things (IoT) will reach the 50 billion mark in 2020. While forecasting such numbers is not an exact science, it seems clear that in the near future, a very large number of Internet connected devices will be deployed everywhere, not least in our homes, e.g., in the form of smart meters, refrigerators, and other household appliances, facilitating the “smart home” of the future. However, filling our homes with sensors and devices able to measure, monitor, and report on all activities, immediately raises questions about how security and privacy can be handled satisfactorily.
Martin Leth Pedersen, Michael Hedegaard Sørensen, Daniel Lux, Ulrik Nyman, René Rydhof Hansen

Privacy

Resilient Collaborative Privacy for Location-Based Services
Abstract
Location-based Services (LBSs) provide valuable services, with convenient features for users. However, the information disclosed through each request harms user privacy. This is a concern particularly with honest-but-curious LBS servers, which could, by collecting requests, track users and infer additional sensitive user data. This is the motivation of both centralized and decentralized location privacy protection schemes for LBSs: anonymizing and obfuscating LBS queries to not disclose exact information, while still getting useful responses. Decentralized schemes overcome the disadvantages of centralized schemes, eliminating anonymizers and enhancing users’ control over sensitive information. However, an insecure decentralized system could pose even more serious security threats than privacy leakage. We address exactly this problem, by proposing security enhancements for mobile data sharing systems. We protect user privacy while preserving accountability of user activities, leveraging pseudonymous authentication with mainstream cryptography. Our design leverages architectures proposed for large scale mobile systems, while it incurs minimal changes to LBS servers as it can be deployed in parallel to the LBS servers. This further motivates the adoption of our design, in order to cater to the needs of privacy-sensitive users. We provide an analysis of security and privacy concerns and countermeasures, as well as a performance evaluation of basic protocol operations showing the practicality of our design.
Hongyu Jin, Panos Papadimitratos
Design of a Privacy-Preserving Document Submission and Grading System
Abstract
Document submission and grading systems are commonly used in educational institutions. They facilitate the hand-in of assignments by students, the subsequent grading by the course teachers and the management of the submitted documents and corresponding grades. But they might also undermine the privacy of students, especially when documents and related data are stored long term with the risk of leaking to malicious parties in the future. We propose a protocol for a privacy-preserving, anonymous document submission and grading system based on blind signatures. Our solution guarantees the unlinkability of a document with the authoring student even after her grade has been reported, while the student can prove that she received the grade assigned to the document she submitted. We implemented a prototype of the proposed protocol to show its feasibility and evaluate its privacy and security properties.
Benjamin Greschbach, Guillermo Rodríguez-Cano, Tomas Ericsson, Sonja Buchegger
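The blind-signature primitive the abstract builds on, shown as an added Python example. This is not the paper's protocol (its message flow is not on this page) but the underlying RSA blind signature: the grader signs a blinded value and never sees the document hash, so nothing in its records links to the submission, while the student ends up with an ordinary signature she can present later. The key size, the hash-to-integer step and the seeded RNG are demo assumptions; Python 3.8 or later is needed for pow(x, -1, n).

```python
import hashlib
import math
import random

# Constructed demo key (assumption): two Mersenne primes give a ~150-bit modulus,
# enough to run the exchange instantly. A deployment would use >= 2048-bit RSA
# and a proper full-domain hash; neither is specified by the page.
P = (1 << 61) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # modular inverse: Python 3.8+


def hash_to_int(document: bytes) -> int:
    """Map a submitted document to an integer below N."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % N


def blind(m: int, rng: random.Random) -> tuple:
    """Student side: hide m under a fresh blinding factor r coprime to N.
    Use random.SystemRandom() for real blinding; a seeded Random is for demos."""
    while True:
        r = rng.randrange(2, N)
        if math.gcd(r, N) == 1:
            return (m * pow(r, E, N)) % N, r


def sign_blinded(m_blind: int) -> int:
    """Grader side: an ordinary RSA signature on whatever it is handed.
    The grader never sees m, so its transcript cannot be tied to the document."""
    return pow(m_blind, D, N)


def unblind(s_blind: int, r: int) -> int:
    """Student side: strip r to recover a valid RSA signature on m."""
    return (s_blind * pow(r, -1, N)) % N


def verify(m: int, s: int) -> bool:
    """Anyone: check the unblinded signature against the public key (N, E)."""
    return pow(s, E, N) == m


def run_submission(document: bytes, seed: int = 1) -> dict:
    """One blind-signing round; returns what each party ends up holding."""
    rng = random.Random(seed)
    m = hash_to_int(document)
    m_blind, r = blind(m, rng)
    s_blind = sign_blinded(m_blind)
    s = unblind(s_blind, r)
    return {
        "grader_view": (m_blind, s_blind),   # all the signer ever records
        "student_token": (m, s),             # what the student later presents
        "valid": verify(m, s),
    }


if __name__ == "__main__":
    out = run_submission(b"assignment-3.pdf")   # constructed sample input
    print("signature verifies:", out["valid"])
    print("grader saw the document hash:", out["grader_view"][0] == out["student_token"][0])
```

The unlinkability rests on m_blind = m * r^E mod N being uniformly distributed for a random r, so the signer's log (m_blind, s_blind) is statistically independent of the document; the paper's contribution is how to combine this with grade reporting so that the guarantee survives after the grade is published, which the example does not cover.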
Towards Perfectly Secure and Deniable Communication Using an NFC-Based Key-Exchange Scheme
Abstract
In this paper we first analyse the possibility for deniability under a strong adversary, who has an Internet-wide transcript of the communication. Secondly, we present a scheme which provides the desirable properties of previous messaging schemes, but with stronger deniability under the new adversary model. Our scheme requires physical meetings for exchanges of large amounts of random key-material via near-field communication and later uses this random data to key a one-time pad for text-messaging. We prove the correctness of the protocol and, finally, we evaluate the practical feasibility of the suggested scheme.
Daniel Bosk, Martin Kjellqvist, Sonja Buchegger

Cryptography

Faster Binary Curve Software: A Case Study
Abstract
For decades, elliptic curves over binary fields have appeared in numerous standards including those mandated by NIST, SECG, and ANSI X9.62. Many popular security protocols such as TLS explicitly support these named curves, along with implementations of those protocols such as OpenSSL and NSS. Over the past few years, research in improving the performance and/or security of these named curve implementations has pushed forward the state-of-the-art: e.g. projective lambda coordinates (Oliveira et al.) and commodity microprocessors featuring carryless multiplication instructions for native polynomial arithmetic (Intel, ARM, Qualcomm). This work aggregates some of these new techniques as well as classical ones to bring an existing library closer to the state-of-the-art. Using OpenSSL as a case study to establish the practical impact of these techniques on real systems, results show significant performance improvements while at the same time adhering to the existing software architecture.
Billy Bob Brumley
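As an added illustration of the "native polynomial arithmetic" the abstract refers to (example code, not from the paper or from OpenSSL): a software model of a carry-less multiply followed by reduction modulo the NIST B-163 field polynomial. It is written with masks rather than data-dependent branches so that running time does not vary with the operands, which is the property the PCLMULQDQ/PMULL instructions provide natively. The field polynomial x^163 + x^7 + x^6 + x^3 + 1 is the one FIPS 186 specifies for that curve; the sample operands are constructed.

```python
# NIST B-163 / K-163 reduction polynomial: x^163 + x^7 + x^6 + x^3 + 1
B163_POLY = (1 << 163) | (1 << 7) | (1 << 6) | (1 << 3) | 1


def clmul(a: int, b: int, width: int) -> int:
    """Carry-less multiply: the GF(2)[x] product that PCLMULQDQ / PMULL
    compute on 64-bit limbs. Uses masks, not branches, so the work done
    does not depend on the (possibly secret) bit pattern of b."""
    acc = 0
    for i in range(width):
        mask = -((b >> i) & 1)      # 0 or all-ones, selected without a branch
        acc ^= (a << i) & mask
    return acc


def reduce_poly(p: int, modulus: int) -> int:
    """Reduce a polynomial of degree < 2m modulo an irreducible of degree m,
    again with a fixed iteration count independent of p's bits."""
    m = modulus.bit_length() - 1
    for i in range(2 * m - 2, m - 1, -1):
        mask = -((p >> i) & 1)
        p ^= (modulus << (i - m)) & mask
    return p


def gf2m_mul(a: int, b: int, modulus: int = B163_POLY) -> int:
    """Field multiplication in GF(2^m); a and b must already be reduced."""
    m = modulus.bit_length() - 1
    return reduce_poly(clmul(a, b, m), modulus)


def gf2m_pow(a: int, e: int, modulus: int = B163_POLY) -> int:
    """Square-and-multiply in GF(2^m); used here only to sanity-check the field
    (it branches on exponent bits, so do not use it with a secret exponent)."""
    result, base = 1, a
    while e:
        if e & 1:
            result = gf2m_mul(result, base, modulus)
        base = gf2m_mul(base, base, modulus)
        e >>= 1
    return result


if __name__ == "__main__":
    x = 0x1234567                              # constructed field element
    print(hex(gf2m_mul(1 << 100, 1 << 63)))    # x^163 folds back to x^7+x^6+x^3+1
    print(gf2m_pow(x, 1 << 163) == x)          # Frobenius^163 is the identity
```

A table-driven or branchy multiplier is where cache- and branch-timing leaks enter binary-curve code; the hardware instruction removes both, and the software fallback above keeps the same constant-work shape, at the cost of speed.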
WHIRLBOB, the Whirlpool Based Variant of STRIBOB
Lighter, Faster, and Constant Time
Abstract
WHIRLBOB, also known as STRIBOBr2, is an AEAD (Authenticated Encryption with Associated Data) algorithm derived from STRIBOBr1 and the Whirlpool hash algorithm. WHIRLBOB/STRIBOBr2 is a second round candidate in the CAESAR competition. As with STRIBOBr1, the reduced-size Sponge design has a strong provable security link with a standardized hash algorithm. The new design utilizes only the LPS or ρ component of Whirlpool in flexibly domain-separated BLNK Sponge mode. The number of rounds is increased from 10 to 12 as a countermeasure against Rebound Distinguishing attacks. The 8×8-bit S-Box used by Whirlpool and WHIRLBOB is constructed from 4×4-bit “MiniBoxes”. We report on fast constant-time Intel SSSE3 and ARM NEON SIMD WHIRLBOB implementations that keep full miniboxes in registers and access them via SIMD shuffles. This is an efficient countermeasure against AES-style cache timing side-channel attacks. Another main advantage of WHIRLBOB over STRIBOBr1 (and most other AEADs) is its greatly reduced implementation footprint on lightweight platforms. On many lower-end microcontrollers the total software footprint of π+BLNK = WHIRLBOB AEAD is less than half a kilobyte. We also report an FPGA implementation that requires 4,946 logic units for a single round of WHIRLBOB, which compares favorably to 7,972 required for Keccak / Keyak on the same target platform. The relatively small S-Box gate count also enables efficient 64-bit bitsliced straight-line implementations. We finally present some discussion and analysis on the relationships between WHIRLBOB, Whirlpool, the Russian GOST Streebog hash, and the recent draft Russian Encryption Standard Kuznyechik.
Markku-Juhani O. Saarinen, Billy Bob Brumley
An Efficient Traceable Attribute-Based Authentication Scheme with One-Time Attribute Trees
Abstract
Attribute-based authentication (ABA) is a way to authenticate signers by means of attributes and it requests proof of possessing required attributes from the one to be authenticated. To achieve the property of traceability, required attributes should be combined with the signer’s attribute private keys in order to generate a signature. In some schemes, signers’ attribute keys are related to attribute trees, so changing attribute trees will cause the regeneration of all related attribute keys. In this paper, we propose an efficient traceable ABA scheme, where the generation of signers’ attribute keys is independent from attribute trees. Thus the same set of attribute keys can be used with a different attribute tree for each signature generation and verification, which is called a “one-time” attribute tree in this paper.
Huihui Yang, Vladimir A. Oleshchuk

Trust and Fraud

FIDO Trust Requirements
Abstract
FIDO (Fast Identity Online) is a new online identity management architecture, developed and promoted by a large industry consortium. Its goal is to simplify and strengthen online user authentication by relying on local device user authentication. Another goal is to finally put passwords to rest. This solution requires strong trust between players and components in the architecture. These aspects have received little attention from the FIDO consortium. The aim of this paper is to analyze the trust requirements for FIDO, and assess the cost of establishing the required trust.
Ijlal Loutfi, Audun Jøsang
Using the RetSim Fraud Simulation Tool to Set Thresholds for Triage of Retail Fraud
Abstract
The investigation of fraud in business has been a staple for the digital forensics practitioner since the introduction of computers in business. Much of this fraud takes place in the retail industry. When trying to stop losses from insider retail fraud, triage, i.e. the quick identification of sufficiently suspicious behaviour to warrant further investigation, is crucial, given the amount of normal, or insignificant behaviour.
It has previously been demonstrated that simple statistical threshold classification is a very successful way to detect fraud [15]. However, in order to do triage successfully the thresholds have to be set correctly. Therefore, we present a method based on simulation to aid the user in accomplishing this, by simulating relevant fraud scenarios that are foreseen as possible and expected, to calculate optimal threshold limits.
Our proposed method gives the advantage over arbitrary thresholds that it reduces the amount of labour needed on false positives and gives additional information, such as the total cost of a specific modelled fraud behaviour, to set up a proper triage process. With our method we argue that we contribute to the allocation of resources for further investigations by optimizing the thresholds for triage and estimating the possible total cost of fraud. Using this method we manage to keep the losses below a desired percentage of sales, which the manager considers acceptable for keeping the business properly running.
Edgar Alonso Lopez-Rojas, Stefan Axelsson
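The threshold-setting idea the abstract describes, as an added Python example. It is not RetSim and not the authors' code: it simulates a constructed store (20 cashiers, one modelled fraud behaviour of fictitious refunds), applies a single statistical threshold on each cashier's refund-to-sales ratio, costs every candidate threshold as investigation labour on false positives plus the loss from undetected fraud, and picks the cheapest threshold that keeps losses under an acceptable share of sales. All parameters are assumptions chosen so that honest and fraudulent behaviour overlap a little.

```python
import random
from dataclasses import dataclass


@dataclass
class Scenario:
    """Constructed store and fraud scenario; every number is an assumption."""
    cashiers: int = 20
    days: int = 30
    fraudsters: int = 2                # cashiers running the modelled fraud
    fake_refund_per_day: float = 40.0  # fictitious refunds pocketed per shift
    investigation_cost: float = 400.0  # labour per cashier flagged for review
    max_loss_share: float = 0.0005     # losses allowed: 0.05 % of sales


def simulate(scn: Scenario, seed: int = 1) -> list:
    """Return one row per cashier: (id, is_fraudster, sales, refunds)."""
    rng = random.Random(seed)
    rows = []
    for c in range(scn.cashiers):
        fraud = c < scn.fraudsters
        sales = refunds = 0.0
        for _ in range(scn.days):
            s = max(500.0, rng.gauss(5000.0, 800.0))
            r = s * max(0.0, rng.gauss(0.02, 0.015))   # honest refund behaviour
            if fraud:
                r += scn.fake_refund_per_day
            sales += s
            refunds += r
        rows.append((c, fraud, sales, refunds))
    return rows


def evaluate(rows: list, threshold: float, scn: Scenario) -> dict:
    """Apply the threshold classifier (refund ratio > threshold) and cost it."""
    flagged = {c for c, _, s, r in rows if r / s > threshold}
    false_positives = sum(1 for c, fraud, _, _ in rows if c in flagged and not fraud)
    missed = sum(1 for c, fraud, _, _ in rows if fraud and c not in flagged)
    total_sales = sum(s for _, _, s, _ in rows)
    fraud_loss = missed * scn.fake_refund_per_day * scn.days
    return {
        "threshold": threshold,
        "false_positives": false_positives,
        "missed": missed,
        "fraud_loss": fraud_loss,
        "loss_share": fraud_loss / total_sales,
        "cost": false_positives * scn.investigation_cost + fraud_loss,
    }


def choose_threshold(rows: list, scn: Scenario, candidates=None) -> dict:
    """Cheapest threshold whose simulated loss stays within the manager's limit;
    ties go to the higher threshold (fewer alarms)."""
    if candidates is None:
        candidates = [i / 1000 for i in range(10, 80)]   # refund ratios 1.0 % .. 7.9 %
    results = [evaluate(rows, t, scn) for t in candidates]
    admissible = [x for x in results if x["loss_share"] <= scn.max_loss_share]
    pool = admissible or results          # fall back if no threshold meets the limit
    return min(pool, key=lambda x: (x["cost"], -x["threshold"]))


if __name__ == "__main__":
    scn = Scenario()
    rows = simulate(scn)
    best = choose_threshold(rows, scn)
    print(f"threshold {best['threshold']:.3f}: {best['false_positives']} false positives, "
          f"{best['missed']} missed, loss {best['loss_share']:.4%} of sales")
```

Re-running with a different fake_refund_per_day shows why an arbitrary threshold is a poor triage rule: a smaller per-shift theft pushes the fraudsters' ratios into the honest population, and the cheapest admissible threshold drops, buying detection with more reviews.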
IncidentResponseSim: An Agent-Based Simulation Tool for Risk Management of Online Fraud
Abstract
IncidentResponseSim is a multi-agent-based simulation tool supporting risk management of online financial services, by performing a risk assessment of the quality of current countermeasures, in the light of the current and emerging threat environment. In this article, we present a set of simulations using incident response trees in combination with a quantitative model for estimating the direct economic consequences. The simulations generate expected fraud, and conditional fraud value at risk, given a specific fraud scenario. Additionally, we present how different trojan strategies result in different conditional fraud value at risk, given the underlying distribution of wealth in the online channel, and different levels of daily transaction limits. Furthermore, we show how these measures can be used together with return on security investment calculations to support decisions about future security investments.
Dan Gorton
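The risk measures named in the abstract, expected fraud and conditional fraud value at risk, as an added Python example (not IncidentResponseSim and not the author's code). A constructed population of infected customers with log-normal balances is run against a daily transaction limit and two trojan strategies; the incident response tree is flattened, as an assumption, to the probability that each successive countermeasure stops an attempt. Conditional fraud VaR is taken as the mean loss over the worst 1-alpha share of simulated days, and a return-on-security-investment helper shows how the two limits compare.

```python
import random
import statistics

# Constructed parameters (assumptions, not the paper's data).
WEALTH_MU, WEALTH_SIGMA = 7.5, 1.0      # log-normal balances, median ~ e^7.5 ≈ 1800
INFECTED_PER_DAY = 50                    # customers with an active banking trojan
SKIM_AMOUNT = 200.0                      # "low and slow" transfer below review thresholds

# Incident response tree flattened to the probability that each successive
# countermeasure stops the attempt: anomaly scoring, then manual review, then the
# customer noticing and calling in. Large transfers are assumed easier to catch.
STOP_PROBABILITIES = {
    "drain": (0.55, 0.30, 0.20),
    "skim":  (0.15, 0.10, 0.05),
}


def attempted_amount(balance: float, strategy: str, daily_limit: float) -> float:
    """What the trojan tries to move, capped by balance and the daily limit."""
    if strategy == "drain":
        return min(balance, daily_limit)
    if strategy == "skim":
        return min(balance, SKIM_AMOUNT, daily_limit)
    raise ValueError(strategy)


def simulate_day(rng: random.Random, strategy: str, daily_limit: float) -> float:
    """Direct loss on one day: attempts that no countermeasure stopped."""
    loss = 0.0
    for _ in range(INFECTED_PER_DAY):
        balance = rng.lognormvariate(WEALTH_MU, WEALTH_SIGMA)
        attempt = attempted_amount(balance, strategy, daily_limit)
        stopped = False
        for p_stop in STOP_PROBABILITIES[strategy]:
            if rng.random() < p_stop:
                stopped = True
                break
        if not stopped:
            loss += attempt
    return loss


def fraud_risk(strategy: str, daily_limit: float, runs: int = 2000,
               alpha: float = 0.95, seed: int = 7) -> dict:
    """Expected daily fraud and conditional fraud VaR (mean of the worst 1-alpha days)."""
    rng = random.Random(seed)
    losses = sorted(simulate_day(rng, strategy, daily_limit) for _ in range(runs))
    tail = losses[int(alpha * runs):]
    return {"expected": statistics.fmean(losses), "cvar": statistics.fmean(tail)}


def rosi(loss_before: float, loss_after: float, cost: float) -> float:
    """Return on security investment: (avoided loss - cost) / cost."""
    return (loss_before - loss_after - cost) / cost


if __name__ == "__main__":
    for strategy in ("drain", "skim"):
        for limit in (5000.0, 500.0):
            r = fraud_risk(strategy, limit)
            print(f"{strategy:5s} limit {limit:6.0f}: expected {r['expected']:8.0f} "
                  f"CVaR95 {r['cvar']:8.0f}")
    before = fraud_risk("drain", 5000.0)["expected"]
    after = fraud_risk("drain", 500.0)["expected"]
    print("ROSI of lowering the limit at an assumed daily cost of 300:",
          round(rosi(before, after, 300.0), 2))
```

The skim strategy is the instructive case: a lower daily limit barely changes its loss, because the attempts were already below the limit, so the investment that pays for "drain" buys nothing there and a different countermeasure (the first node of the response tree) is the one to fund.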

Network and Software Security

Challenges in Managing Firewalls
Abstract
Firewalls are essential security devices that can provide protection against network attacks. To be effective, a firewall must be properly configured to ensure consistency with the security policy. However, configuring is a complex and error-prone process. This work tries to identify the reasons behind firewall misconfigurations. To achieve our goal, we conducted a series of semi-structured interviews with system administrators that manage access control lists in networks of different sizes. The paper discusses our interview results and describes future work.
Artem Voronkov, Stefan Lindskog, Leonardo A. Martucci
Multi-layer Access Control for SDN-Based Telco Clouds
Abstract
The telecom industry has recently started to adapt the emerging paradigm of Software-Defined Networking (SDN) in combination with cloud computing to the telecommunication world. Both technologies enable a high degree of automation and flexibility for existing and novel networks. As this combination can reduce costs and enables the development of new business opportunities, telecom providers build so-called telco clouds leveraging SDN for operating the underlying network infrastructure. In this context, a major concern is to maintain security once network functions and SDN controllers run virtualized inside the telco clouds. In particular, compromised cloud applications and SDN controllers may disturb correct functioning such that costs increase, security deteriorates or reputation degrades. Therefore, we propose a multi-layer access control system to mitigate such adverse consequences and, thereby, focus on securing both SDN’s application layer as well as its control layer.
Bernd Jäger, Christian Röpke, Iris Adam, Thorsten Holz
Guaranteeing Dependency Enforcement in Software Updates
Abstract
In this paper we consider the problem of enforcing dependencies during software distribution process. We consider a model in which multiple independent vendors encrypt their software and distribute it by means of untrusted mirror repositories. The decryption of each package is executed on the user side and it is possible if and only if the target device satisfies the dependency requirements posed by the vendor. Once a package is decrypted, the protocol non-interactively updates the key material on the target device so that the decryption of future packages requiring the newly installed package can be executed.
We further present a variant of the protocol in which also the vendor defined installation policy can be partially hidden from unauthorized users.
Luigi Catuogno, Clemente Galdi, Giuseppe Persiano
Electronic Citizen Identities and Strong Authentication
Abstract
Both public and commercial services in most countries depend on government-issued identity documents for citizen authentication. Traditionally such documents have been fairly uniform around the world, i.e. identity cards and passports. The dawn of strong electronic authentication, however, has created a much more diverse situation. New technologies such as tamper-proof microchips and cryptographic authentication are used in different ways for both offline and online authentication. Countries have made quite different choices in what kind of security or privacy they prioritize and what services are supported. This paper attempts to form an overall picture of electronic citizen-identity and strong-authentication technologies and of the management of electronic citizen identities around the world. Understanding of the global state of the art is necessary because Internet services are often global and accessed across national borders, and because there sometimes is a need to bootstrap the user identity from the government issued or sanctioned credentials. This survey provides background information both for the selection of authentication technologies and for research on strong authentication.
Sanna Suoranta, Lari Haataja, Tuomas Aura
Backmatter
Metadata
Title
Secure IT Systems
Edited by
Sonja Buchegger
Mads Dam
Copyright year
2015
Publisher
Springer International Publishing
Electronic ISBN
978-3-319-26502-5
Print ISBN
978-3-319-26501-8
DOI
https://doi.org/10.1007/978-3-319-26502-5
