-
Location-Enhanced Authenticated Key Exchange
Authors:
Marcos Portnoi,
Chien-Chung Shen
Abstract:
We introduce LOCATHE (Location-Enhanced Authenticated Key Exchange), a generic protocol that pools location, user attributes, access policy and desired services into a multi-factor authentication, allowing two peers to establish a secure, encrypted session and perform mutual authentication with pre-shared keys, passwords and other authentication factors. LOCATHE contributes to: (1) forward secrecy through ephemeral session keys; (2) security through zero-knowledge password proofs (ZKPP), such that no passwords can be learned from the exchange; (3) the ability to use not only location, but also multiple authentication factors from a user to a service; (4) providing a two-tiered privacy authentication scheme, in which a user may be authenticated either based on her attributes (hiding her unique identification), or with a full individual authentication; (5) employing the expressiveness and flexibility of Decentralized or Multi-Authority Ciphertext-Policy Attribute-Based Encryption, allowing multiple service providers to control their respective key generation and attributes.
Submitted 17 February, 2016; v1 submitted 27 October, 2015;
originally announced October 2015.
-
Network Simulator - Visão Geral da Ferramenta de Simulação de Redes
Authors:
Marcos Portnoi,
Rafael Gonçalves Bezerra de Araújo
Abstract:
This paper describes NS - Network Simulator, the computer networks simulation tool. We offer an overview of NS, and also analyze its characteristics and functions. Finally, we present in detail all steps for preparing a simulation of a simple model in NS.
Submitted 27 April, 2015;
originally announced May 2015.
-
Secure Zones: An Attribute-Based Encryption advisory system for safe firearms
Authors:
Marcos Portnoi,
Chien-Chung Shen
Abstract:
This work presents an application of the highly expressive Attribute-Based Encryption to implement Secure Zones for firearms. Within these zones, radio-transmitted local policies based on attributes of the user and the firearm are received by embedded hardware in the firearms, which then advises the user about safe operations. The Secure Zones utilize Attribute-Based Encryption to encode the policies and user attributes, providing privacy and security through its cryptography. We describe a holistic approach to evolving the firearm to a cyber-physical system to aid in augmenting safety. We introduce a conceptual model for a firearm equipped with sensors and a context-aware software agent. Based on the information from the sensors, the agent can access the context and inform the user of potential unsafe operations. To support Secure Zones and the cyber-physical firearm model, we propose a Key Infrastructure Scheme for key generation, distribution, and management, and a Context-Aware Software Agent Framework for Firearms.
Submitted 27 April, 2015;
originally announced April 2015.
-
Location-aware sign-on and key exchange using attribute-based encryption and Bluetooth beacons
Authors:
Marcos Portnoi,
Chien-Chung Shen
Abstract:
This work presents a mobile sign-on scheme, which utilizes Bluetooth Low Energy beacons for location awareness and Attribute-Based Encryption for expressive, broadcast-style key exchange. Bluetooth Low Energy beacons broadcast encrypted messages with encoded access policies. Within range of the beacons, a user with appropriate attributes is able to decrypt the broadcast message and obtain parameters that allow the user to perform a short or simplified login. The effect is a "traveling" sign-on that accompanies the user throughout different locations.
Submitted 27 April, 2015;
originally announced April 2015.
-
An information services algorithm to heuristically summarize IP addresses for a distributed, hierarchical directory service
Authors:
Marcos Portnoi,
Jason Zurawsky,
Martin Swany
Abstract:
A distributed, hierarchical information service for computer networks might rely on several instances, located in different layers. A distributed directory service, for example, might be comprised of upper level listings and local directories. The upper level listings contain a compact version of the local directories. Clients desiring to access the information contained in local directories might first access the high-level listings, in order to locate the appropriate local instance. One of the keys to the competent operation of such a service is the ability to properly summarize the information, which will be maintained in the upper level directories. We analyze the case of the Lookup Service in the Information Services plane of the perfSONAR performance monitoring distributed architecture, which implements IPv4 summarization in its functions. We propose an empirical method, or heuristic, to achieve the summarizations, based on the PATRICIA tree. We further apply the heuristic on a simulated distributed test bed and contemplate the results.
Submitted 7 January, 2015; v1 submitted 31 December, 2014;
originally announced January 2015.
-
Wireless-Delimited Secure Zones with Encrypted Attribute-Based Broadcast for Safe Firearms
Authors:
Marcos Portnoi,
Chien-Chung Shen
Abstract:
This work presents an application of the highly expressive Attribute-Based Encryption to implement wireless-delimited Secure Zones for firearms. Within these zones, radio-transmitted local policies based on attributes of the consumer and the firearm are received by embedded hardware in the firearms, which then advises the consumer about safe operations. The Secure Zones utilize Attribute-Based Encryption to encode the policies and consumer or user attributes, providing privacy and security through its cryptography. We describe a holistic approach to evolving the firearm to a cyber-physical system to aid in augmenting safety. We introduce a conceptual model for a firearm equipped with sensors and a context-aware software agent. Based on the information from the sensors, the agent can access the context and inform the consumer of potential unsafe operations. To support Secure Zones and the cyber-physical firearm model, we propose a Key Infrastructure Scheme for key generation, distribution, and management, and a Context-Aware Software Agent Framework for Firearms.
Submitted 6 November, 2014;
originally announced November 2014.
-
Loc-Auth: Location-Enabled Authentication Through Attribute-Based Encryption
Authors:
Marcos Portnoi,
Chien-Chung Shen
Abstract:
Traditional user authentication involves entering a username and password into a system. Strong authentication security demands, among other requirements, long, frequently hard-to-remember passwords. Two-factor authentication aids security, even though, as a side effect, it might worsen user experience. We depict a mobile sign-on scheme that benefits from the dynamic relationship between a user's attributes, the service the user wishes to utilize, and location (where the user is, and what services are available there) as an authentication factor. We demonstrate our scheme employing Bluetooth Low Energy beacons for location awareness and the expressiveness of Attribute-Based Encryption to capture and leverage the described relationship. Bluetooth Low Energy beacons broadcast encrypted messages with encoded access policies. Within range of the beacons, a user with appropriate attributes is able to decrypt the broadcast message and obtain parameters that allow the user to perform a short or simplified login.
Submitted 7 October, 2014; v1 submitted 3 October, 2014;
originally announced October 2014.
-
TARVOS - an Event-Based Simulator for Performance Analysis, Supporting MPLS, RSVP-TE, and Fast Recovery
Authors:
Marcos Portnoi,
Joberto S. B. Martins
Abstract:
This paper presents a new discrete event-based network simulator named TARVOS - Computer Networks Simulator, which is being designed as part of the first author's Master's research and will provide support for simulating MPLS architecture, several RSVP-TE protocol functionalities and fast recovery in case of link failure. The tool is used in a case study, where the impact of a link failure on a VoIP application, within an MPLS domain network, is analyzed. The paper presents a preliminary survey of six already available simulators and the reasons why they were not adopted as tools for the Master's research. It then describes the basics of the TARVOS implementation and exhibits the case study simulated by this new tool.
Submitted 27 January, 2014;
originally announced January 2014.
-
Criptografia com Curvas Elípticas
Authors:
Marcos Portnoi
Abstract:
This paper presents an overview of the use of elliptic curves in cryptography. The security of this cryptosystem is based on the discrete logarithm problem, which appears to be much harder compared to the discrete logarithm problem in other cryptosystems. An overview of common cryptosystems is given, such as Diffie-Hellman and RSA, and an elliptic curve cryptography scheme is discussed.
--------
This work presents the use of elliptic curves in cryptography. Its security is based on the discrete logarithm problem. This problem is apparently significantly harder to solve, compared with the discrete logarithm problem used by other cryptography systems. An overview of common cryptography systems, such as Diffie-Hellman and RSA, is given, and a cryptography scheme using elliptic curves is discussed.
Submitted 27 January, 2014;
originally announced January 2014.