Publications (10 of 38)
Tiloca, M., Gehrmann, C. & Seitz, L. (2017). On improving resistance to Denial of Service and key provisioning scalability of the DTLS handshake. International Journal of Information Security, 16(2), 173-193
2017 (English). In: International Journal of Information Security, ISSN 1615-5262, E-ISSN 1615-5270, Vol. 16, no 2, p. 173-193. Article in journal (Refereed). Published
Abstract [en]

DTLS is a transport layer security protocol designed to provide secure communication over unreliable datagram protocols. Before starting to communicate, a DTLS client and server perform a specific handshake in order to establish a secure session and agree on a common security context. However, the DTLS handshake is affected by two relevant issues. First, the DTLS server is vulnerable to a specific Denial of Service (DoS) attack aimed at forcing the establishment of several half-open sessions. This may exhaust memory and network resources on the server, so making it less responsive or even unavailable to legitimate clients. Second, although it is one of the most efficient key provisioning approaches adopted in DTLS, the pre-shared key provisioning mode does not scale well with the number of clients, it may result in scalability issues on the server side, and it complicates key re-provisioning in dynamic scenarios. This paper presents a single and efficient security architecture which addresses both issues, by substantially limiting the impact of DoS, and reducing the number of keys stored on the server side to one unit only. Our approach does not break the existing standard and does not require any additional message exchange between DTLS client and server. Our experimental results show that our approach requires a shorter amount of time to complete a handshake execution and consistently reduces the time a DTLS server is exposed to a DoS instance. We also show that it considerably improves a DTLS server in terms of service availability and robustness against DoS attack.

Keywords
Denial of Service, DTLS, Key provisioning, Security, Scalability, Transmission control protocol, Security Architecture, Terms of services, Transport layer security protocols, Unreliable datagram, Denial-of-service attack
National Category
Natural Sciences
Identifiers
urn:nbn:se:ri:diva-30975 (URN); 10.1007/s10207-016-0326-0 (DOI); 2-s2.0-84961634159 (Scopus ID)
Available from: 2017-09-04 Created: 2017-09-04 Last updated: 2018-08-16 Bibliographically approved
Paladi, N., Gehrmann, C. & Michalas, A. (2017). Providing User Security Guarantees in Public Infrastructure Clouds (11ed.). IEEE Transactions on Cloud Computing, 5(3), 405-419, Article ID 7399365.
2017 (English). In: IEEE Transactions on Cloud Computing, ISSN 2168-7161, Vol. 5, no 3, p. 405-419, article id 7399365. Article in journal (Refereed). Published
Abstract [en]

The infrastructure cloud (IaaS) service model offers improved resource flexibility and availability, where tenants – insulated from the minutiae of hardware maintenance – rent computing resources to deploy and operate complex systems. Large-scale services running on IaaS platforms demonstrate the viability of this model; nevertheless, many organisations operating on sensitive data avoid migrating operations to IaaS platforms due to security concerns. In this paper, we describe a framework for data and operation security in IaaS, consisting of protocols for a trusted launch of virtual machines and domain-based storage protection. We continue with an extensive theoretical analysis with proofs about protocol resistance against attacks in the defined threat model. The protocols allow trust to be established by remotely attesting host platform configuration prior to launching guest virtual machines and ensure confidentiality of data in remote storage, with encryption keys maintained outside of the IaaS domain. Presented experimental results demonstrate the validity and efficiency of the proposed protocols. The framework prototype was implemented on a test bed operating a public electronic health record system, showing that the proposed protocols can be integrated into existing cloud environments.

National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:ri:diva-24528 (URN); 10.1109/TCC.2016.2525991 (DOI); 2-s2.0-85029938241 (Scopus ID)
Projects
Infracloud
Available from: 2016-10-31 Created: 2016-10-31 Last updated: 2019-01-10 Bibliographically approved
Abdelraheem, M. A., Andersson, T. & Gehrmann, C. (2017). Searchable Encrypted Relational Databases: Risks and Countermeasures. In: Joaquin Garcia-Alfaro et al. (Ed.), Data Privacy Management, Cryptocurrencies and Blockchain Technology: ESORICS 2017 International Workshops, DPM 2017 and CBT 2017, Oslo, Norway, September 14-15, 2017, Proceedings. Paper presented at ESORICS 2017 International Workshops: DPM 2017 (pp. 70-85). Gewerbestrasse 11, 6330 Cham, Switzerland: Springer Nature, 10436
2017 (English). In: Data Privacy Management, Cryptocurrencies and Blockchain Technology: ESORICS 2017 International Workshops, DPM 2017 and CBT 2017, Oslo, Norway, September 14-15, 2017, Proceedings / [ed] Joaquin Garcia-Alfaro et al., Gewerbestrasse 11, 6330 Cham, Switzerland: Springer Nature, 2017, Vol. 10436, p. 70-85. Conference paper, Published paper (Refereed)
Abstract [en]

We point out the risks of protecting relational databases via Searchable Symmetric Encryption (SSE) schemes by proposing an inference attack exploiting the structural properties of relational databases. We show that record-injection attacks mounted on relational databases have worse consequences than their file-injection counterparts on unstructured databases. Moreover, we discuss some techniques to reduce the effectiveness of inference attacks exploiting the access pattern leakage existing in SSE schemes. To the best of our knowledge, this is the first work that investigates the security of relational databases protected by SSE schemes.

Place, publisher, year, edition, pages
Gewerbestrasse 11, 6330 Cham, Switzerland: Springer Nature, 2017
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 10436
Keywords
Privacy. SSE Database. Inference Attacks.
National Category
Computer Sciences
Identifiers
urn:nbn:se:ri:diva-33180 (URN); 10.1007/978-3-319-67816-0 (DOI); 2-s2.0-85030152876 (Scopus ID); 978-3-319-67816-0 (ISBN)
Conference
ESORICS 2017 International Workshops: DPM 2017
Projects
PaaSword
Note

Publication venue: the 12th Data Privacy and Management (DPM) workshop co-located with ESORICS 2017

Available from: 2018-01-23 Created: 2018-01-23 Last updated: 2019-01-29 Bibliographically approved
Paladi, N. & Gehrmann, C. (2017). TruSDN: Bootstrapping trust in cloud network infrastructure. In: Security and Privacy in Communication Networks. Paper presented at 12th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2016), October 10-12, 2016, Guangzhou, China (pp. 104-124).
2017 (English). In: Security and Privacy in Communication Networks, 2017, p. 104-124. Conference paper, Published paper (Refereed)
Abstract [en]

Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN, a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing to securely deploy SDN components and protect communication between network endpoints. We introduce ephemeral flow-specific pre-shared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.

Series
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering (LNICST), ISSN 1867-8211 ; 198
Keywords
Integrity, Software defined networking, Trust, Virtual switches, Trusted computing, Adversary modeling, Architectural modeling, Commodity operating systems, Network infrastructure, Resource utilizations, Software defined networking (SDN), Network security
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:ri:diva-31100 (URN); 10.1007/978-3-319-59608-2_6 (DOI); 2-s2.0-85021707665 (Scopus ID); 978-3-319-59607-5 (ISBN); 978-3-319-59608-2 (ISBN)
Conference
12th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2016), October 10-12, 2016, Guangzhou, China
Projects
5G-ENSURE
Available from: 2017-08-28 Created: 2017-08-28 Last updated: 2019-06-26 Bibliographically approved
Baumann, C., Näslund, M., Gehrmann, C., Schwarz, O. & Thorsen, H. (2016). A High Assurance Virtualization Platform for ARMv8 (9ed.). In: 2016 European Conference on Networks and Communications (EuCNC). Paper presented at 2016 European Conference on Networks and Communications (EUCNC 2016), June 27-30, 2016, Athens, Greece (pp. 210-214), Article ID 7561034.
2016 (English). In: 2016 European Conference on Networks and Communications (EuCNC), 2016, 9, p. 210-214, article id 7561034. Conference paper, Published paper (Refereed)
Abstract [en]

This paper presents the first results from the ongoing research project HASPOC, developing a high assurance virtualization platform for the ARMv8 CPU architecture. Formal verification at machine code level guarantees information isolation between different guest systems (e.g. OSs) running on the platform. To use the platform in networking scenarios, we allow guest systems to securely communicate with each other via platform-provided communication channels and to take exclusive control of peripherals for communication with the outside world. The isolation is shown to be formally equivalent to that of guests executing on physically separate platforms with dedicated communication channels crossing the air-gap. Common Criteria (CC) assurance methodology is applied by preparing the CC documentation required for an EAL6 evaluation of products using the platform. Besides the hypervisor, a secure boot component is included and verified to ensure system integrity.

Keywords
hypervisor, isolation, assurance, formal verification, Common Criteria, ARMv8
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:ri:diva-24570 (URN); 10.1109/EuCNC.2016.7561034 (DOI); 9781509028931 (ISBN)
Conference
2016 European Conference on Networks and Communications (EUCNC 2016), June 27-30, 2016, Athens, Greece
Projects
HASPOC
Note

This is the author version of the corresponding paper published in the 2016 European Conference on Networks and Communications (EuCNC). The publisher is IEEE. The final publication (DOI: 10.1109/EuCNC.2016.7561034) is available at IEEE Xplore via http://ieeexplore.ieee.org/document/7561034 © 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Available from: 2016-10-31 Created: 2016-10-31 Last updated: 2019-06-12 Bibliographically approved
Giustolisi, R., Gehrmann, C., Ahlström, M. & Holmberg, S. (2016). A secure group-based AKA protocol for machine-type communications. In: Seokhie Hong, Jong Hwan Park (Ed.), Information Security and Cryptology – ICISC 2016. Paper presented at 19th International Conference on Information Security and Cryptology (ICISC 2016), November 30 - December 2, 2016, Seoul, South Korea (pp. 3-27), Article ID 10157.
2016 (English). In: Information Security and Cryptology – ICISC 2016 / [ed] Seokhie Hong, Jong Hwan Park, 2016, p. 3-27, article id 10157. Conference paper, Published paper (Refereed)
Abstract [en]

The fifth generation wireless system (5G) is expected to handle with an unpredictable number of heterogeneous connected devices while guaranteeing a high level of security. This paper advances a group-based Authentication and Key Agreement (AKA) protocol that contributes to reduce latency and bandwidth consumption, and scales up to a very large number of devices. A central feature of the proposed protocol is that it provides a way to dynamically customize the trade-off between security and efficiency. The protocol is lightweight as it resorts on symmetric key encryption only, hence it supports low-end devices and can be already adopted in current standards with little effort. Using ProVerif, we prove that the protocol meets mutual authentication, key confidentiality, and device privacy also in presence of corrupted devices, a threat model not being addressed in the state-of-the-art group-based AKA proposals. We evaluate the protocol performances in terms of latency and bandwidth consumption, and obtain promising results.

Series
Lecture Notes in Computer Science (LNCS), ISSN 0302-9743 ; 10157
Keywords
Authentication, Bandwidth, Cryptography, Economic and social effects, Security of data, Authentication and key agreements, Bandwidth consumption, Machine type communications, Mutual authentication, Protocol performance, State of the art, Symmetric key encryption, Wireless systems, Network security
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:ri:diva-29381 (URN); 10.1007/978-3-319-53177-9_1 (DOI); 2-s2.0-85012965501 (Scopus ID); 978-3-319-53176-2 (ISBN); 978-3-319-53177-9 (ISBN)
Conference
19th International Conference on Information Security and Cryptology (ICISC 2016), November 30 - December 2, 2016, Seoul, South Korea
Available from: 2017-05-11 Created: 2017-05-11 Last updated: 2019-07-10 Bibliographically approved
Abdelraheem, M. A., Gehrmann, C., Lindström, M. & Nordahl, C. (2016). Executing Boolean Queries on an Encrypted Bitmap Index. In: CCSW 2016: Proceedings of the 2016 ACM on Cloud Computing Security Workshop. Paper presented at 8th ACM Cloud Computing Security Workshop (CCSW 2016), October 28, 2016, Vienna, Austria (pp. 11-22).
2016 (English). In: CCSW 2016: Proceedings of the 2016 ACM on Cloud Computing Security Workshop, 2016, p. 11-22. Conference paper, Published paper (Refereed)
Abstract [en]

We propose a simple and efficient searchable symmetric encryption scheme based on a Bitmap index that evaluates Boolean queries. Our scheme provides a practical solution in settings where communications and computations are very constrained as it offers a suitable trade-off between privacy and performance.

Keywords
Bitmap index, Boolean query, Conjunctive search, Searchable symmetric encryption
National Category
Computer Systems
Identifiers
urn:nbn:se:ri:diva-28253 (URN); 10.1145/2996429.2996436 (DOI); 9781450345729 (ISBN)
Conference
8th ACM Cloud Computing Security Workshop (CCSW 2016), October 28, 2016, Vienna, Austria
Available from: 2017-02-21 Created: 2017-02-21 Last updated: 2019-06-20 Bibliographically approved
Gehrmann, C. & Abdelraheem, M. A. (2016). IoT protection through device to cloud synchronization. In: 2016 IEEE International Conference on Cloud Computing Technology and Science (CloudCom). Paper presented at 8th IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2016), December 12-15, 2016, Luxembourg City, Luxembourg (pp. 527-532), Article ID 7830733.
2016 (English). In: 2016 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), 2016, p. 527-532, article id 7830733. Conference paper, Published paper (Refereed)
Abstract [en]

This paper addresses the problem of protecting distributed IoT units from network based attacks while still having a high level of availability. In particular we suggest a novel method where the IoT device execution state is modeled with a suitable high level application model and where the execution state of the application of the IoT device is 'mirrored' in a cloud executed machine. This machine has very high availability and high attack resistance. The IoT device will only communicate with the mirror machine in the cloud using a dedicated synchronization protocol. All essential IoT state information and state manipulations are communicated through this synchronization protocol while all end application communication directed towards the IoT units is done towards the mirror machine in the cloud. This gives a very robust and secure system with high availability at the price of slower responses. However, for many non-real time IoT application with high security demands this performance penalty can be justified.

Keywords
Cloud, DDoS, IoT, Security, Synchronization, Cloud computing, Clouds, Mirrors, High availability, High level applications, Network-based attacks, Performance penalties, State information, Synchronization protocols, Internet of things
National Category
Natural Sciences
Identifiers
urn:nbn:se:ri:diva-31062 (URN); 10.1109/CloudCom.2016.0092 (DOI); 2-s2.0-85012970248 (Scopus ID); 978-1-5090-1445-3 (ISBN)
Conference
8th IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2016), December 12-15, 2016, Luxembourg City, Luxembourg
Available from: 2017-09-05 Created: 2017-09-05 Last updated: 2019-06-24 Bibliographically approved
Tiloca, M., Gehrmann, C. & Seitz, L. (2016). On Improving Resistance to Denial of Service and Key Provisioning Scalability of the DTLS Handshake (8ed.). International Journal of Information Security, 16(2), 173-193
2016 (English). In: International Journal of Information Security, ISSN 1615-5262, E-ISSN 1615-5270, Vol. 16, no 2, p. 173-193. Article in journal (Refereed). Published
Abstract [en]

DTLS is a transport layer security protocol designed to provide secure communication over unreliable datagram protocols. Before starting to communicate, a DTLS client and server perform a specific handshake in order to establish a secure session and agree on a common security context. However, the DTLS handshake is affected by two relevant issues. First, the DTLS server is vulnerable to a specific Denial of Service (DoS) attack aimed at forcing the establishment of several half open sessions. This may exhaust memory and network resources on the server, so making it less responsive or even unavailable to legitimate clients. Second, although it is one of the most efficient key provisioning approaches adopted in DTLS, the pre-shared key provisioning mode does not scale well with the number of clients, it may result in scalability issues on the server side, and it complicates key re-provisioning in dynamic scenarios. This paper presents a single and efficient security architecture which addresses both issues, by substantially limiting the impact of DoS, and reducing the number of keys stored on the server side to one unit only. Our approach does not break the existing standard and does not require any additional message exchange between DTLS client and server. Our experimental results show that our approach requires a shorter amount of time to complete a handshake execution, and consistently reduces the time a DTLS server is exposed to a DoS instance. We also show that it considerably improves a DTLS server in terms of service availability and robustness against DoS attack.

Place, publisher, year, edition, pages
Springer, 2016 Edition: 8
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:ri:diva-24539 (URN); 10.1007/s10207-016-0326-0 (DOI); 2-s2.0-84961634159 (Scopus ID)
Projects
EU FP7 SEGRID (Grant Agreement no. FP7-607109); EIT DIGITAL High Impact Initiative "Advanced connectivity platform for vertical segments"
Available from: 2016-10-31 Created: 2016-10-31 Last updated: 2019-08-14 Bibliographically approved
Tiloca, M., Gehrmann, C. & Seitz, L. (2016). Robust and Scalable DTLS Session Establishment (5ed.). ERCIM News, 31-32
2016 (English). In: ERCIM News, ISSN 0926-4981, E-ISSN 1564-0094, p. 31-32. Article in journal (Refereed). Published
Abstract [en]

The Datagram Transport Layer Security (DTLS) protocol is highly vulnerable to a form of denial-of-service attack (DoS), aimed at establishing a high number of invalid, half-open, secure sessions. Moreover, even when the efficient pre-shared key provisioning mode is considered, the key storage on the server side scales poorly with the number of clients. SICS Swedish ICT has designed a security architecture that efficiently addresses both issues without breaking the current standard.

Place, publisher, year, edition, pages
ERCIM, 2016 Edition: 5
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:ri:diva-22245 (URN)
Projects
EU FP7 SEGRID
Available from: 2016-10-31 Created: 2016-10-31 Last updated: 2019-06-18 Bibliographically approved
Identifiers
ORCID iD: orcid.org/0000-0001-8003-200x
