One of the biggest challenges for the Internet of Things (IoT) is to bridge the currently fragmented trust domains. The traditional PKI model relies on a common root of trust and does not fit well with the heterogeneous IoT ecosystem where constrained devices belong to independent administrative domains.In this work we describe a distributed trust model for the IoT that leverages the existing trust domains and bridges them to create endto-end trust between IoT devices without relying on any common root of trust. Furthermore we define a new cryptographic primitive, denoted as obligation chain designed as a credit-based Blockchain with a built-in reputation mechanism. Its innovative design enables a wide range of use cases and business models that are simply not possible with current Blockchain-based solutions while not experiencing traditional blockchain delays. We provide a security analysis for both the obligation chain and the overall architecture and provide experimental tests that show its viability and quality.
5G communications proposed significant improvements over 4G in terms of efficiency and security. Among these novelties, the 5G network slicing seems to have a prominent role: deploy multiple virtual network slices, each providing a different service with different needs and features. Like this, a Slice Operator (SO) ruling a specific slice may want to offer a service for users meeting some requirements. It is of paramount importance to provide a robust authentication protocol, able to ensure that users meet the requirements, providing at the same time a privacy-by-design architecture. This makes even more sense having a growing density of Internet of Things (IoT) devices exchanging private information over the network. In this paper, we improve the 5G network slicing authentication using a Self-Sovereign Identity (SSI) scheme: granting users full control over their data. We introduce an approach to allow a user to prove his right to access a specific service without leaking any information about him. Such an approach is SANS, a protocol that provides nonlinkable protection for any issued information, preventing an SO or an eavesdropper from tracking users’ activity and relating it to their real identities. Furthermore, our protocol is scalable and can be taken as a framework for improving related technologies in similar scenarios, like authentication in the 5G Radio Access Network (RAN) or other wireless networks and services. Such features can be achieved using cryptographic primitives called Zero-Knowledge Proofs (ZKPs). Upon implementing our solution using a state-of-the-art ZKP library and performing several experiments, we provide benchmarks demonstrating that our approach is affordable in speed and memory consumption.
Over the past decade, the Bitcoin P2P network protocol has become a reference model for all modern cryptocurrencies. While nodes in this network are known, the connections among them are kept hidden, as it is commonly believed that this helps protect from deanonymization and low-level attacks. However, adversaries can bypass this limitation by inferring connections through side channels. At the same time, the lack of topology information hinders the analysis of the network, which is essential to improve efficiency and security. In this paper, we thoroughly review network-level attacks and empirically show that topology obfuscation is not an effective countermeasure. We then argue that the benefits of an open topology potentially outweigh its risks, and propose a protocol to reliably infer and monitor connections among reachable nodes of the Bitcoin network. We formally analyze our protocol and experimentally evaluate its accuracy in both trusted and untrusted settings. Results show our system has a low impact on the network, and has precision and recall are over 90% with up to 20% of malicious nodes in the network.
Zero-Knowledge Proofs (ZKPs) are cryptographic primitives allowing a party to prove to another party that the former knows some information while keeping it secret. Such a premise can lead to the development of numerous privacy-preserving protocols in different scenarios, like proving knowledge of some credentials to a server without leaking the identity of the user. Even when the applications of ZKPs were endless, they were not exploited in the wild for a couple of decades due to the fact that computing and verifying proofs was too computationally expensive. However, the advent of efficient schemes (in particular, zk-SNARKs) made this primitive to break into the scene in fields like cryptocurrencies, smart-contracts, and more recently, self-sovereign scenarios: private-by-design identity management and authentication. Nevertheless, its adoption in environments like the Internet of Things (IoT) remains unexplored due to the computational limitations of embedded systems. In this paper, we introduce ZPiE, a C library intended to create ZKP applications to be executed in embedded systems. Its main feature is portability: it can be compiled, executed, and used out-of-the-box in a wide variety of devices. Moreover, our proof-of-concept has been proved to work smoothly in different devices with limited resources, which can execute state-of-the-art ZKP authentication protocols.
In this paper we propose N-Guard: a portable, effective, and efficient solution to thwart contactless skimming of NFC cards. Our solution enables an NFC-compliant smartphone to protect the user's cards, preventing the adversary from harvesting the cards' data. Moreover, we also introduce a fine grained access control mechanism, allowing the user to discriminate between NFC cards that can be opportunistically queried and sensitive ones that can be read only under the strict permission of the owner. We implemented a proof-of-concept of N-Guard for Android OS and tested it under several digital skimming scenarios showing its effectiveness in thwarting unauthorized access attempts. Moreover, we also measured the consumption of N-Guard and proved that its energy consumption is negligible. Further, it is worth noting that N-Guard requires neither any specific modification to the NFC standard, nor any change on users behavior. Finally, through some empirical evidence, we show N-Guard to be effective even when the interaction between the NFC tags and the reader is driven by proprietary protocols (e.g. Mastercard). All the reported results, having being developed over an NFC-enabled credit-card use case, are general and applicable to all NFC tags.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.