ترغب بنشر مسار تعليمي؟ اضغط هنا

DNStamp: Short-lived Trusted Timestamping

94   0   0.0 ( 0 )
 نشر من قبل Christoph Neumann
 تاريخ النشر 2013
  مجال البحث الهندسة المعلوماتية
والبحث باللغة English




اسأل ChatGPT حول البحث

Trusted timestamping consists in proving that certain data existed at a particular point in time. Existing timestamping methods require either a centralized and dedicated trusted service or the collaboration of other participants using the timestamping service. We propose a novel trusted timestamping scheme, called DNStamp, that does not require a dedicated service nor collaboration between participants. DNStamp produces shortlived timestamps with a validity period of several days. The generation and verification involves a large number of Domain Name System cache resolvers, thus removing any single point of failure and any single point of trust. Any host with Internet access may request or verify a timestamp, with no need to register to any timestamping service. We provide a full description and analysis of DNStamp. We analyze the security against various adversaries and show resistance to forward-dating, back-dating and erasure attacks. Experiments with our implementation of DNStamp show that one can set and then reliably verify timestamps even under continuous attack conditions.



قيم البحث

اقرأ أيضاً

Low-power wide-area network technologies such as LoRaWAN are promising for collecting low-rate monitoring data from geographically distributed sensors, in which timestamping the sensor data is a critical system function. This paper considers a synchr onization-free approach to timestamping LoRaWAN uplink data based on signal arrival time at the gateway, which well matches LoRaWANs one-hop star topology and releases bandwidth from transmitting timestamps and synchronizing end devices clocks at all times. However, we show that this approach is susceptible to a {em frame delay attack} consisting of malicious frame collision and delayed replay. Real experiments show that the attack can affect the end devices in large areas up to about $50,000,text{m}^2$. In a broader sense, the attack threatens any system functions requiring timely deliveries of LoRaWAN frames. To address this threat, we propose a $mathsf{LoRaTS}$ gateway design that integrates a commodity LoRaWAN gateway and a low-power software-defined radio receiver to track the inherent frequency biases of the end devices. Based on an analytic model of LoRas chirp spread spectrum modulation, we develop signal processing algorithms to estimate the frequency biases with high accuracy beyond that achieved by LoRas default demodulation. The accurate frequency bias tracking capability enables the detection of the attack that introduces additional frequency biases. We also investigate and implement a more crafty attack that uses advanced radio apparatuses to eliminate the frequency biases. To address this crafty attack, we propose a pseudorandom interval hopping scheme to enhance our frequency bias tracking approach. Extensive experiments show the effectiveness of our approach in deployments with real affecting factors such as temperature variations.
The rapid growth in distributed energy sources on power grids leads to increasingly decentralised energy management systems for the prediction of power supply and demand and the dynamic setting of an energy price signal. Within this emerging smart gr id paradigm, electric vehicles can serve as consumers, transporters, and providers of energy through two-way charging stations, which highlights a critical feedback loop between the movement patterns of these vehicles and the state of the energy grid. This paper proposes a vision for an Internet of Mobile Energy (IoME), where energy and information flow seamlessly across the power and transport sectors to enhance the grid stability and end user welfare. We identify the key challenges of trust, scalability, and privacy, particularly location and energy linking privacy for EV owners, for realising the IoME vision. We propose an information architecture for IoME that uses scalable blockchain to provide energy data integrity and authenticity, and introduces one-time keys for public EV transactions and a verifiable anonymous trip extraction method for EV users to share their trip data while protecting their location privacy. We present an example scenario that details the seamless and closed loop information flow across the energy and transport sectors, along with a blockchain design and transaction vocabulary for trusted decentralised transactions. We finally discuss the open challenges presented by IoME that can unlock significant benefits to grid stability, innovation, and end user welfare.
85 - Luyi Kang , Yuqi Xue , Weiwei Jia 2021
In-storage computing with modern solid-state drives (SSDs) enables developers to offload programs from the host to the SSD. It has been proven to be an effective approach to alleviate the I/O bottleneck. To facilitate in-storage computing, many frame works have been proposed. However, few of them treat the in-storage security as the first citizen. Specifically, since modern SSD controllers do not have a trusted execution environment, an offloaded (malicious) program could steal, modify, and even destroy the data stored in the SSD. In this paper, we first investigate the attacks that could be conducted by offloaded in-storage programs. To defend against these attacks, we build a lightweight trusted execution environment, named IceClave for in-storage computing. IceClave enables security isolation between in-storage programs and flash management functions that include flash address translation, data access control, and garbage collection, with TrustZone extensions. IceClave also achieves security isolation between in-storage programs by enforcing memory integrity verification of in-storage DRAM with low overhead. To protect data loaded from flash chips, IceClave develops a lightweight data encryption/decryption mechanism in flash controllers. We develop IceClave with a full system simulator. We evaluate IceClave with a variety of data-intensive applications such as databases. Compared to state-of-the-art in-storage computing approaches, IceClave introduces only 7.6% performance overhead, while enforcing security isolation in the SSD controller with minimal hardware cost. IceClave still keeps the performance benefit of in-storage computing by delivering up to 2.31$times$ better performance than the conventional host-based trusted computing approach.
Memory disaggregation provides efficient memory utilization across network-connected systems. It allows a node to use part of memory in remote nodes in the same cluster. Recent studies have improved RDMA-based memory disaggregation systems, supportin g lower latency and higher bandwidth than the prior generation of disaggregated memory. However, the current disaggregated memory systems manage remote memory only at coarse granularity due to the limitation of the access validation mechanism of RDMA. In such systems, to support fine-grained remote page allocation, the trustworthiness of all participating systems needs to be assumed, and thus a security breach in a node can propagate to the entire cluster. From the security perspective, the memory-providing node must protect its memory from memory-requesting nodes. On the other hand, the memory-requesting node requires the confidentiality and integrity protection of its memory contents even if they are stored in remote nodes. To address the weak isolation support in the current system, this study proposes a novel hardware-assisted memory disaggregation system. Based on the security features of FPGA, the logic in each per-node FPGA board provides a secure memory disaggregation engine. With its own networks, a set of FPGA-based engines form a trusted memory disaggregation system, which is isolated from the privileged software of each participating node. The secure memory disaggregation system allows fine-grained memory management in memory-providing nodes, while the access validation is guaranteed with the hardware-hardened mechanism. In addition, the proposed system hides the memory access patterns observable from remote nodes, supporting obliviousness. Our evaluation with FPGA implementation shows that such fine-grained secure disaggregated memory is feasible with comparable performance to the latest software-based techniques.
Future wireless networks will progressively displace service provisioning towards the edge to accommodate increasing growth in traffic. This paradigm shift calls for smart policies to efficiently share network resources and ensure service delivery. I n this paper, we consider a cognitive dynamic network architecture (CDNA) where primary users (PUs) are rewarded for sharing their connectivities and acting as access points for secondary users (SUs). CDNA creates opportunities for capacity increase by network-wide harvesting of unused data plans and spectrum from different operators. Different policies for data and spectrum trading are presented based on centralized, hybrid and distributed schemes involving primary operator (PO), secondary operator (SO) and their respective end users. In these schemes, PO and SO progressively delegate trading to their end users and adopt more flexible cooperation agreements to reduce computational time and track available resources dynamically. A novel matching-with-pricing algorithm is presented to enable self-organized SU-PU associations, channel allocation and pricing for data and spectrum with low computational complexity. Since connectivity is provided by the actual users, the success of the underlying collaborative market relies on the trustworthiness of the connections. A behavioral-based access control mechanism is developed to incentivize/penalize honest/dishonest behavior and create a trusted collaborative network. Numerical results show that the computational time of the hybrid scheme is one order of magnitude faster than the benchmark centralized scheme and that the matching algorithm reconfigures the network up to three orders of magnitude faster than in the centralized scheme.
التعليقات
جاري جلب التعليقات جاري جلب التعليقات
سجل دخول لتتمكن من متابعة معايير البحث التي قمت باختيارها
mircosoft-partner

هل ترغب بارسال اشعارات عن اخر التحديثات في شمرا-اكاديميا