Skip to main content



Malware and Email Security

SAS: Semantics Aware Signature Generation for Polymorphic Worm Detection

String extraction and matching techniques have been widely used in generating signatures for worm detection, but how to generate effective worm signatures in an adversarial environment still remains challenging. For example, attackers can freely manipulate byte distributions within the attack payloads and also can inject well-crafted noisy packets to contaminate the suspicious flow pool. To address these attacks, we propose SAS, a novel Semantics Aware Statistical algorithm for automatic signature generation. When SAS processes packets in a suspicious flow pool, it uses data flow analysis techniques to remove non-critical bytes. We then apply a Hidden Markov Model (HMM) to the refined data to generate state-transition-graph based signatures. To our best knowledge, this is the first work combining semantic analysis with statistical analysis to automatically generate worm signatures. Our experiments show that the proposed technique can accurately detect worms with concise signatures. Moreover, our results indicate that SAS is more robust to the byte distribution changes and noise injection attacks comparing to Polygraph and Hamsa.
Deguang Kong, Yoon-Chan Jhi, Tao Gong, Sencun Zhu, Peng Liu, Hongsheng Xi

Analyzing and Exploiting Network Behaviors of Malware

In this paper we address the following questions: From a networking perspective, do malicious programs (malware, bots, viruses, etc...) behave differently from benign programs that run daily for various needs? If so, how may we exploit the differences in network behavior to detect them? To address these questions, we are systematically analyzing the behavior of a large set (at the magnitude of 2,000) of malware samples. We present our initial results after analyzing 1000 malware samples. The results show that malicious and benign programs behave quite differently from a network perspective. We are still in the process of attempting to interpret the differences, which nevertheless have been utilized to detect 31 malware samples which were not detected by any antivirus software on as of 01 April 2010, giving evidence that the differences between malicious and benign network behavior has a possible use in helping stop zero-day attacks on a host machine.
Jose Andre Morales, Areej Al-Bataineh, Shouhuai Xu, Ravi Sandhu

Inexpensive Email Addresses An Email Spam-Combating System

This work proposes an effective method of fighting spam by developing Inexpensive Email Addresses (IEA), a stateless system of Disposable Email Addresses (DEAs). IEA can cryptographically generate exclusive email addresses for each sender, with the ability to re-establish a new email address once the old one is compromised. IEA accomplishes proof-of-work by integrating a challenge-response mechanism to be completed before an email is accepted in the recipient’s mail system. The system rejects all incoming emails and instead embeds the challenge inside the rejection notice of Standard Mail Transfer Protocol (SMTP) error messages. The system does not create an out-of-band email for the challenge, thus eliminating email backscatter in comparison to other challenge-response email systems. The system is also effective in identifying spammers by exposing the exact channel, i.e. the unique email address that was compromised, so misuse could be traced back to the compromising party. Usability is of utmost concern in building such a system by making it friendly to the end-user and easy to setup and maintain by the system administrator.
Aram Yegenian, Tassos Dimitriou

Anonymity and Privacy

Privacy Administration in Distributed Service Infrastructure

In this paper, we propose a framework to administrate privacy policies in distributed service infrastructure. We define new administrative capabilities that model user preferences and specify how data owners can access to them. We investigate a distributed administration of the privacy policy where three different administrative policies can coexist and one can dominate the other. We define the data collector practices, the legal organisation policies, such as emergency service’s policies, and the negotiated policy between the data collector and services providers. We finally specify how to manage these three distributed privacy administration policies.
Nabil Ajam, Nora Cuppens-Boulahia, Frederic Cuppens

On the Formation of Historically k-Anonymous Anonymity Sets in a Continuous LBS

Privacy preservation in location based services (LBS) has received extensive attention in recent years. One of the less explored problems in this domain is associated with services that rely on continuous updates from the mobile object. Cloaking algorithms designed to hide user locations in single requests perform poorly in this scenario. The historical k-anonymity property is therefore enforced to ensure that all cloaking regions include at least k objects in common. However, the mobility of the objects can easily render increasingly bigger cloaking regions and degrade the quality of service. To this effect, this paper presents an algorithm to efficiently enforce historical k-anonymity by partitioning of an object’s cloaking region. We further enforce some degree of directional similarity in the k common peers in order to prevent an excessive expansion of the cloaking region.
Rinku Dewri, Indrakshi Ray, Indrajit Ray, Darrell Whitley

Securing Personal Health Records in Cloud Computing: Patient-Centric and Fine-Grained Data Access Control in Multi-owner Settings

Online personal health record (PHR) enables patients to manage their own medical records in a centralized way, which greatly facilitates the storage, access and sharing of personal health data. With the emergence of cloud computing, it is attractive for the PHR service providers to shift their PHR applications and storage into the cloud, in order to enjoy the elastic resources and reduce the operational cost. However, by storing PHRs in the cloud, the patients lose physical control to their personal health data, which makes it necessary for each patient to encrypt her PHR data before uploading to the cloud servers. Under encryption, it is challenging to achieve fine-grained access control to PHR data in a scalable and efficient way. For each patient, the PHR data should be encrypted so that it is scalable with the number of users having access. Also, since there are multiple owners (patients) in a PHR system and every owner would encrypt her PHR files using a different set of cryptographic keys, it is important to reduce the key distribution complexity in such multi-owner settings. Existing cryptographic enforced access control schemes are mostly designed for the single-owner scenarios.
In this paper, we propose a novel framework for access control to PHRs within cloud computing environment. To enable fine-grained and scalable access control for PHRs, we leverage attribute based encryption (ABE) techniques to encrypt each patient’s PHR data. To reduce the key distribution complexity, we divide the system into multiple security domains, where each domain manages only a subset of the users. In this way, each patient has full control over her own privacy, and the key management complexity is reduced dramatically. Our proposed scheme is also flexible, in that it supports efficient and on-demand revocation of user access rights, and break-glass access under emergency scenarios.
Ming Li, Shucheng Yu, Kui Ren, Wenjing Lou

Wireless Security

A Study on False Channel Condition Reporting Attacks in Wireless Networks

Wireless networking protocols are increasingly being designed to exploit a user’s measured channel condition; we call such protocols channel-aware. Each user reports its measured channel condition to a manager of wireless resources and a channel-aware protocol uses these reports to determine how resources are allocated to users. In a channel-aware protocol, each user’s reported channel condition affects the performance of every other user. A possible attack against channel-aware protocols is false feedback of channel condition. The deployment of channel-aware protocols increases the risks posed by false feedback. In this paper, we study the potential impact of an attacker that falsely reports its channel condition and propose a defense mechanism to securely estimate channel condition. We analyze our mechanism and evaluate the system performance deploying our mechanism through simulation. Our evaluation shows that our mechanism effectively thwarts channel condition misreporting attack.
Dongho Kim, Yih-Chun Hu

Characterizing the Security Implications of Third-Party Emergency Alert Systems over Cellular Text Messaging Services

Cellular text messaging services are increasingly being relied upon to disseminate critical information during emergencies. Accordingly, a wide range of organizations including colleges, universities and large metropolises now partner with third-party providers that promise to improve physical security by rapidly delivering such messages. Unfortunately, these products do not work as advertised due to limitations of cellular infrastructure and therefore provide a false sense of security to their users. In this paper, we perform the first extensive investigation and characterization of the limitations of an Emergency Alert System (EAS) using text messages as a security incident response and recovery mechanism. Through the use of modeling and simulation based on configuration information from major US carriers, we show emergency alert systems built on text messaging not only can not meet the 10 minute delivery requirement mandated by the WARN Act, but also potentially cause other legitimate voice and SMS traffic to be blocked at rates upwards of 80%. We then show that our results are representative of reality by comparing them to a number of documented but not previously understood failures. Finally, we discuss the causes of the mismatch of expectations and operational ability and suggest a number of techniques to improve the reliability of these systems. We demonstrate that this piece of deployed security infrastructure simply does not achieve its stated requirements.
Patrick Traynor

Saving Energy on WiFi with Required IPsec

The move to a pervasive computing environment, with the increasing use of laptops, netbooks, smartphones and tablets, means that we are more reliant on wireless networking and batteries for our daily computational needs. Specifically, this includes applications which have sensitive data that must be securely communicated over VPNs. However, the use of VPNs and mobile, wireless computing creates conflicting needs: VPNs traditionally assume a stable network connection, which is then secured; in contrast, wireless computing assumes a transitory network connection due to mobility or energy-saving protocols. In this work we study the ability to use traditional VPN protocols, specifically IPsec, in mobile environments while permitting for energy savings. Energy savings come from power-cycling the wireless radio when it is not in use.
More specifically, we develop a mathematical model for determining potential power savings on mobile devices when power-cycling the radio in IPsec use settings. Next, we perform performance measurements on IPsec session resumption protocols IKEv2 [1], MOBIKE [2], and IPsec Gateway Failover (IGF) [3] to provide data for our model. We apply the model to over 3000 wireless sessions, and determine the optimal power savings that could be achieved by power-cycling the radio while maintaining an IPsec connection. We show that there is a high-potential for energy savings in the best case. Finally, we develop an efficient and simple real-world online scheduling algorithm that achieves near optimal results for a majority of users.
Youngsang Shin, Steven Myers, Minaxi Gupta

Systems Security – I

Transparent Protection of Commodity OS Kernels Using Hardware Virtualization

Kernel rootkits are among the most insidious threats to computer security today. By employing various code injection techniques, they are able to maintain an omnipotent presence in the compromised OS kernels. Existing preventive countermeasures typically employ virtualization technology as part of their solutions. However, they are still limited in either (1) requiring modifying the OS kernel source code for the protection or (2) leveraging software-based virtualization techniques such as binary translation with a high overhead to implement a Harvard architecture (which is robust to various code injection techniques used by kernel rootkits). In this paper, we introduce hvmHarvard, a hardware virtualization-based Harvard architecture that transparently protects commodity OS kernels from kernel rootkit attacks and significantly reduces the performance overhead. Our evaluation with a Xen-based prototype shows that it can transparently protect legacy OS kernels with rootkit resistance while introducing < 5% performance overhead.
Michael Grace, Zhi Wang, Deepa Srinivasan, Jinku Li, Xuxian Jiang, Zhenkai Liang, Siarhei Liakh

A Generic Construction of Dynamic Single Sign-on with Strong Security

Single Sign-On (SSO) is a core component in a federated identity management (FIM). Dynamic Single Sign-on (DSSO) is a more flexible SSO where users can change their service requirements dynamically. However, the security in the current SSO and DSSO systems remain questionable. As an example, personal credentials could be illegally used to allow illegal users to access the services. It is indeed a challenging task to achieve strong security in SSO and DSSO. In this paper, we propose a generic construction of DSSO with strong security. We propose the formal definitions and security models for SSO and DSSO, which enable one to achieve the security of SSO and DSSO with the underlying (standard) security assumptions. We also provide a formal security proof on our generic DSSO scheme.
Jinguang Han, Yi Mu, Willy Susilo, Jun Yan

DeCore: Detecting Content Repurposing Attacks on Clients’ Systems

Web 2.0 platforms are ubiquitously used to share content and personal information, which makes them an inviting and vulnerable target of hackers and phishers alike. In this paper, we discuss an emerging class of attacks, namely content repurposing attacks, which specifically targets sites that host user uploaded content on Web 2.0 sites. This latent threat is poorly addressed, if at all, by current protection systems, both at the remote sites and at the client ends. We design and develop an approach that protects from content repurposing attacks at the client end. As we show through a detailed evaluation, our solution promptly detects and stops various types of attacks and adds no overhead to the user’s local machine or browser where it resides. Further, our approach is light-weight and does not invasively monitor all the user interactions with the browser, providing an effective protection against these new and powerful attacks.
Smitha Sundareswaran, Anna C. Squicciarini

Network Security – I

Realizing a Source Authentic Internet

An innate deficiency of the Internet is its susceptibility to IP spoofing. Whereas a router uses a forwarding table to determine where it should send a packet, previous research has found that a router can similarly employ an incoming table to verify where a packet should come from, thereby detecting IP spoofing. Based on a previous protocol for building incoming tables, SAVE, this paper introduces new mechanisms that not only address a critical deficiency of SAVE when it is incrementally deployed (incoming table entries becoming obsolete), but can also push the filtering of spoofing packets towards the SAVE router that is closest to spoofers. With these new mechanisms, and under the assumption of incremental deployment, we further discuss the security of SAVE, evaluate its efficacy, accuracy, and overhead, and look into its deployment incentives. Our results show incoming-table-based IP spoofing detection is a feasible and effective solution.
Toby Ehrenkranz, Jun Li, Patrick McDaniel

Partial Deafness: A Novel Denial-of-Service Attack in 802.11 Networks

We present a new denial-of-service attack against 802.11 wireless networks. Our attack exploits previously discovered performance degradation in networks with substantial rate diversity. In our attack, the attacker artificially reduces his link quality by not acknowledging receptions (which we call “partial deafness” because an attacker pretends to have not heard some of the transmission), thereby exploiting the retransmission and rate adaptation mechanisms to reduce Medium Access Control (MAC)-layer performance. As compared to previously proposed attacks, the partial deafness attack is particularly strong because the attacker does not necessarily need any advantage over normal users in terms of transmission power, computation resources, or channel condition.
Previous work has shown that time fairness in sharing the wireless medium can improve network throughput. We show that time-based regulation at the data queue of the access point can similarly mitigate the negative impact of a partial deafness attacker.
Jihyuk Choi, Jerry T. Chiang, Dongho Kim, Yih-Chun Hu

Attacking Beacon-Enabled 802.15.4 Networks

The IEEE 802.15.4 standard has attracted time-critical applications in wireless sensor networks (WSNs) because of its beacon-enabled mode and guaranteed time slots (GTSs). However, the GTS management scheme’s built-in security mechanisms still leave the 802.15.4 MAC vulnerable to attacks. Further, the existing techniques in the literature for securing 802.15.4 either focus on non beacon-enabled mode 802.15.4 or cannot defend against insider attacks for beacon-enabled mode 802.15.4. In this paper we illustrate this by demonstrating attacks on the availability and integrity of a beacon-enabled 802.15.4 sensor network. To confirm the validity of the attacks, we implement the attacks using Tmote Sky Motes for sensor nodes, where the malicious node is deployed as an inside attacker. We show that the malicious node can easily exploit information retrieved from the beacon frames to compromise the integrity and availability of the network. We also discuss possible defense mechanisms against these attacks.
Sang Shin Jung, Marco Valero, Anu Bourgeois, Raheem Beyah

Supporting Publication and Subscription Confidentiality in Pub/Sub Networks

The publish/subscribe model offers a loosely-coupled communication paradigm where applications interact indirectly and asynchronously. Publisher applications generate events that are sent to interested applications through a network of brokers. Subscriber applications express their interest by specifying filters that brokers can use for routing the events. Supporting confidentiality of messages being exchanged is still challenging. First of all, it is desirable that any scheme used for protecting the confidentiality of both the events and filters should not require the publishers and subscribers to share secret keys. In fact, such a restriction is against the loose-coupling of the model. Moreover, such a scheme should not restrict the expressiveness of filters and should allow the broker to perform event filtering to route the events to the interested parties. Existing solutions do not fully address those issues. In this paper, we provide a novel scheme that supports (i) confidentiality for events and filters; (ii) filters can express very complex constraints on events even if brokers are not able to access any information on both events and filters; (iii) and finally it does not require publishers and subscribers to share keys.
Mihaela Ion, Giovanni Russello, Bruno Crispo

Security Protocols – I

CED2: Communication Efficient Disjointness Decision

Enforcing security often requires the two legitimate parties of a communication to determine whether they share a secret, without disclosing information (e.g. the shared secret itself, or just the existence of such a secret) to third parties—or even to the other party, if it is not the legitimate party but an adversary pretending to impersonate the legitimate one. In this paper, we propose CED2 (Communication Efficient Disjointness Decision), a probabilistic and distributed protocol that allows two parties—each one having a finite set of elements—to decide about the disjointness of their sets. CED2 is particularly suitable for devices having constraints on energy, communication, storage, and bandwidth. Examples of these devices are satellite phones, or nodes of wireless sensor networks. We show that CED2 significantly improves the communication cost compared to the state of the art, while providing the same degree of privacy and security. Analysis and simulations support the findings.
Luciana Marconi, Mauro Conti, Roberto Di Pietro

Impossibility of Finding Any Third Family of Server Protocols Integrating Byzantine Quorum Systems with Threshold Signature Schemes

In order to tolerate servers’ Byzantine failures, a distributed storage service of self-verifying data (e.g., certificates) needs to make three security properties be Byzantine fault tolerant (BFT): data consistency, data availability, and confidentiality of the (signing service’s) private key. Building such systems demands the integration of Byzantine quorum systems (BQS), which only make data consistency and availability be BFT, and threshold signature schemes (TSS), which only make confidentiality of the private key be BFT. Two families of correct or valid TSS-BQS systems (of which the server protocols carry all the design options) have been proposed in the literature. Motivated by the failures in finding a third family of valid server protocols, we study the reverse problem and formally prove that it is impossible to find any third family of valid TSS-BQS systems. To obtain this proof, we develop a validity theory on server protocols of TSS-BQS systems. It is shown that the only two families of valid server protocols, “predicted” (or deduced) by the validity theory, precisely match the existing protocols.
Jingqiang Lin, Peng Liu, Jiwu Jing, Qiongxiao Wang

Context-Aware Usage Control for Android

The security of smart phones is increasingly important due to their rapid popularity. Mobile computing on smart phones introduces many new characteristics such as personalization, mobility, pay-for-service and limited resources. These features require additional privacy protection and resource usage constraints in addition to the security and privacy concerns on traditional computers. As one of the leading open source mobile platform, Android is also facing security challenges from the mobile environment. Although many security measures have been applied in Android, the existing security mechanism is coarse-grained and does not take into account the context information, which is of particular interest because of the mobility and personality of a smart phone device.
To address these challenges, we propose a context-aware usage control model ConUCON, which leverages the context information to enhance data protection and resource usage control on a mobile platform. We also extend the existing security mechanism to implement a policy enforcement framework on the Android platform based on ConUCON. With ConUCON, users are able to employ fine-grained and flexible security mechanism to enhance privacy protection and resource usage control. The extended security framework on Android enables mobile applications to run with better user experiences. The implementation of ConUCON and its evaluation study demonstrate that it can be practically adapted for other types of mobile platform.
Guangdong Bai, Liang Gu, Tao Feng, Yao Guo, Xiangqun Chen

System Security – II

Efficient Isolation of Trusted Subsystems in Embedded Systems

Many embedded systems have relatively strong security requirements because they handle confidential data or support secure electronic transactions. A prototypical example are payment terminals. To ensure that sensitive data such as cryptographic keys cannot leak, security-critical parts of these systems are implemented as separate chips, and hence physically isolated from other parts of the system.
But isolation can also be implemented in software. Higher-end computing platforms are equipped with hardware support to facilitate the implementation of virtual memory and virtual machine monitors. However many embedded systems lack such hardware features.
In this paper, we propose a design for a generic and very lightweight hardware mechanism that can support an efficient implementation of isolation for several subsystems that share the same processor and memory space. A prototypical application is the software implementation of cryptographic support with strong assurance on the secrecy of keys, even towards other code sharing the same processor and memory. Secure co-habitation of code from different stakeholders on the same system is also supported.
Raoul Strackx, Frank Piessens, Bart Preneel

Enhancing Host Security Using External Environment Sensors

We propose a framework that uses environment information to enhance computer security. We apply our framework to: enhance IDS performance; and to enrich the expressiveness of access/rate controls. The environment information is gathered by external (w.r.t the host) sensors, and transmitted via an out-of-band channel, and thus it is hard for adversaries not having physical access to compromise the system. The information gathered still remains intact even if malware use rootkit techniques to hide its activities. Due to requirements on user privacy, the information gathered could be coarse and simple. We show that such simple information is already useful in several experimental evaluations. For instance, binary user presence indicating at a workstation can help to detect DDoS zombie attacks and illegal email spam. Our framework takes advantage of the growing popularity of multimodal sensors and physical security information management systems. Trends in sensor costs suggest that it will be cost-effective in the near future.
Ee-Chien Chang, Liming Lu, Yongzheng Wu, Roland H. C. Yap, Jie Yu

FADE: Secure Overlay Cloud Storage with File Assured Deletion

While we can now outsource data backup to third-party cloud storage services so as to reduce data management costs, security concerns arise in terms of ensuring the privacy and integrity of outsourced data. We design FADE, a practical, implementable, and readily deployable cloud storage system that focuses on protecting deleted data with policy-based file assured deletion. FADE is built upon standard cryptographic techniques, such that it encrypts outsourced data files to guarantee their privacy and integrity, and most importantly, assuredly deletes files to make them unrecoverable to anyone (including those who manage the cloud storage) upon revocations of file access policies. In particular, the design of FADE is geared toward the objective that it acts as an overlay system that works seamlessly atop today’s cloud storage services. To demonstrate this objective, we implement a working prototype of FADE atop Amazon S3, one of today’s cloud storage services, and empirically show that FADE provides policy-based file assured deletion with a minimal trade-off of performance overhead. Our work provides insights of how to incorporate value-added security features into current data outsourcing applications.
Yang Tang, Patrick P. C. Lee, John C. S. Lui, Radia Perlman

Security Protocols – II

A New Information Leakage Measure for Anonymity Protocols

The main goal of anonymity protocols is to protect the identities of communicating entities in a network communication. An anonymity protocol can be characterized by a noisy channel in the information-theoretic sense. The anonymity of the protocol is then tightly related to how much information is being leaked by the channel. In this paper we investigate a new idea of measuring the information leaked based on how much the rows of the channel probabilities matrix are different from each other. We considered each row of the matrix as a point in the n-dimensional space and we used statistical dispersion measures to estimate how much the points are scattered in the space. Empirical results showed that the two proposed measures KLSD and KLMD are sensitive to the modifications of the attacker capabilities and most importantly they are stable when the a priori distribution on the secret events changes. We show that a variant of KLSD coincides with the classical notion of mutual information which gives the latter an interesting geometric interpretation. The same idea of statistical dispersion is used in a new decision function when the protocol is re-executed several times.
Sami Zhioua

Hidden Markov Models for Automated Protocol Learning

Hidden Markov Models (HMMs) have applications in several areas of computer security. One drawback of HMMs is the selection of appropriate model parameters, which is often ad hoc or requires domain-specific knowledge. While algorithms exist to find local optima for some parameters, the number of states must always be specified and directly impacts the accuracy and generality of the model. In addition, domain knowledge is not always available or may be based on assumptions that prove incorrect or sub-optimal.
We apply the ε-machine—a special type of HMM—to the task of constructing network protocol models solely from network traffic. Unlike previous approaches, ε-machine reconstruction infers the minimal HMM architecture directly from data and is well suited to applications such as anomaly detection. We draw distinctions between our approach and previous research, and discuss the benefits and challenges of ε-machine for protocol model inference.
Sean Whalen, Matt Bishop, James P. Crutchfield

Epistemic Model Checking for Knowledge-Based Program Implementation: An Application to Anonymous Broadcast

Knowledge-based programs provide an abstract level of description of protocols in which agent actions are related to their states of knowledge. The paper describes how epistemic model checking technology may be applied to discover and verify concrete implementations based on this abstract level of description. The details of the implementations depend on the specific context of use of the protocol. The knowledge-based approach enables the implementations to be optimized relative to these conditions of use. The approach is illustrated using extensions of the Dining Cryptographers protocol, a security protocol for anonymous broadcast.
Omar I. Al-Bataineh, Ron van der Meyden

Network Security – II

Surveying DNS Wildcard Usage among the Good, the Bad, and the Ugly

A DNS wildcard can be used to point arbitrary requests for host names within a domain to a specific host name or IP address. Wildcards offer administrators the convenience of not having to change DNS entries when host names change. However, we are not aware of any work that documents how wildcards are used in practice. Such a study is particularly important now, because Internet miscreants are starting to exploit DNS wildcards for convenience and possibly for evading blacklists based on exact host names. In this paper, we study the prevalence and uses of wildcards among the good, bad, and ugly domains in the Internet. We find that wildcards are in extensive use among businesses that monetize unregistered domains, domains hosted by large web-hosting providers, blogging sites, and websites connected to scam, phishing, and malware.
Andrew Kalafut, Minaxi Gupta, Pairoj Rattadilok, Pragneshkumar Patel

The Hitchhiker’s Guide to DNS Cache Poisoning

DNS cache poisoning is a serious threat to today’s Internet. We develop a formal model of the semantics of DNS caches, including the bailiwick rule and trust-level logic, and use it to systematically investigate different types of cache poisoning and to generate templates for attack payloads. We explain the impact of the attacks on DNS resolvers such as BIND, MaraDNS, and Unbound and their implications for several defenses against DNS cache poisoning.
Sooel Son, Vitaly Shmatikov

A Formal Definition of Online Abuse-Freeness

Abuse-freeness is an important security requirement for con-tract-signing protocols. In previous work, Kähler, Küsters, and Wilke proposed a definition for offline abuse-freeness. In this work, we generalize this definition to online abuse-freeness and apply it to two prominent contract-signing protocols. We demonstrate that online abuse-freeness is strictly stronger than offline abuse-freeness.
Ralf Küsters, Henning Schnoor, Tomasz Truderung


Weitere Informationen

Premium Partner