Related papers: RITM: Revocation in the Middle
Network traffic inspection, including TLS traffic, in enterprise environments is widely practiced. Reasons for doing so are primarily related to improving enterprise security (e.g., malware detection) and meeting legal requirements. To…
In many typical application scenarios, it is necessary to revoke the incorrect account operations caused by user mis-operation, financial fraud, illegal hacking, etc. Unfortunately, users often blur the lines between the concept of…
Trusted Execution Environments (TEEs) on low-power microcontrollers (e.g., ARM TrustZone-M) enable isolation of Secure and Non-Secure software but still require both worlds to share resources, including interrupt controllers. In this model,…
Anonymity revocation is an essential component of credential issuing systems since unconditional anonymity is incompatible with pursuing and sanctioning credential misuse. However, current anonymity revocation approaches have shortcomings…
Among the available communication systems, vehicular networks are emerging as one of the most promising and yet most challenging instantiations of mobile ad-hoc network technologies. The deployment of such networks in large scale requires…
The management of sensitive data, including identity management (IDM), is an important problem in cloud computing, fundamental for authentication and fine-grained service access control. Our goal is creating an efficient and robust IDM…
Electronic documents are signed using private keys and verified using the corresponding digital certificates through the well-known public key infrastructure model. Private keys must be kept in a safe container so they can be reused. This…
This paper proposes a combination of an Intrusion Detection System with a routing protocol to strengthen the defense of a Mobile Ad hoc Network. Our system is Socially Inspired, since we use the new paradigm of Reputation inherited from…
European Digital Identity (EUDI) Wallet aims to provide end users with a way to get attested credentials from issuers, and present them to different relying parties. An important property mentioned in the regulatory frameworks is the…
Information systems enable many organizational processes in every industry. The efficiencies and effectiveness in the use of information technologies create an unintended byproduct: misuse by existing users or somebody impersonating them -…
Trust in applications is crucial, especially for fast and efficient hiring processes. Applicants must present credentials that employers can trust without delays or risk of fraudulent information. This paper introduces a framework for…
In this paper, we propose a new Blockchain-based message and revocation accountability system called Blackchain. Combining a distributed ledger with existing mechanisms for security in V2X communication systems, we design a distributed…
Stateful Middleboxes are integral part of enterprise and campus networks that provide essential in-network, security, and value-added services. These stateful middleboxes rely on precise network flow identification. However, the adoption of…
There has recently been a flood of interest in potential new applications of blockchains, as well as proposals for more generic designs called public ledgers. Most of the novel proposals have been in the financial sector. However, the…
Paramount to vehicle safety, broadcasted Cooperative Awareness Messages (CAMs) and Decentralized Environmental Notification Messages (DENMs) are pseudonymously authenticated for security and privacy protection, with each node needing to…
Enterprise network traffic typically traverses a sequence of middleboxes forming a service function chain, or simply a chain. Tolerating failures when they occur along chains is imperative to the availability and reliability of enterprise…
Novel hardware-aided trusted execution environments, as provided by Intel's Software Guard Extensions (SGX), enable to execute applications in a secure context that enforces confidentiality and integrity of the application state even when…
To keep a system secure, all devices in the system need to be benign. To avoid malicious and/or compromised devices, network access control such as authentication using a credential and remote attestation based on trusted hardware has been…
Trusted execution environments (TEEs) protect the integrity and confidentiality of running code and its associated data. Nevertheless, TEEs' integrity protection does not extend to the state saved on disk. Furthermore, modern cloud-native…
Anonymity is a desirable feature for vehicle-to-vehicle (V2V) communications, but it conflicts with other requirements such as non-repudiation and revocation. Existing, pseudonym-based V2V communications schemes rely on certificate…