English
Related papers

Related papers: Speranza: Usable, privacy-friendly software signin…

200 papers

Software signing is the most robust method for ensuring the integrity and authenticity of components in a software supply chain. Legacy key-managed signing tools (e.g., OpenPGP) burdened practitioners with key management and signer…

Software Engineering · Computer Science 2026-04-16 Kelechi G. Kalu , Sofia Okorafor , Tanmay Singla , Sophie Chen , Santiago Torres-Arias , James C. Davis

Identity-based code signing enables software developers to digitally sign their code using cryptographic keys. This key is then linked to an identity (e.g., through an identity provider), allowing signers to verify both the code's origin…

Cryptography and Security · Computer Science 2025-12-24 Chinenye Okafor , James C. Davis , Santiago Torres-Arias

Software signing provides a formal mechanism for provenance by ensuring artifact integrity and verifying producer identity. It also imposes tooling and operational costs to implement in practice. In an era of centralized registries such as…

Software Engineering · Computer Science 2025-10-07 Kelechi G. Kalu , James C. Davis

Software engineers integrate third-party components into their applications. The resulting software supply chain is vulnerable. To reduce the attack surface, we can verify the origin of components (provenance) before adding them.…

Cryptography and Security · Computer Science 2025-01-31 Taylor R. Schorlemmer , Ethan H. Burmane , Kelechi G. Kalu , Santiago Torres-Arias , James C. Davis

Identity-based software signing tools aim to make software artifact provenance verifiable while reducing the operational burden of long-lived key management. However, there is limited cross-tool longitudinal evidence about which usability…

Software Engineering · Computer Science 2026-03-19 Kelechi G. Kalu , Hieu Tran , Santiago Torres-Arias , Sooyeon Jeong , James C. Davis

Anonymous Single-Sign-On authentication schemes have been proposed to allow users to access a service protected by a verifier without revealing their identity which has become more important due to the introduction of strong privacy…

Cryptography and Security · Computer Science 2018-04-20 Jinguang Han , Liqun Chen , Steve Schneider , Helen Treharne , Stephan Wesemeyer

The security of TLS depends on trust in certificate authorities, and that trust stems from their ability to protect and control the use of a private signing key. The signing key is the key asset of a certificate authority (CA), and its…

Cryptography and Security · Computer Science 2017-10-11 Bargav Jayaraman , Hannah Li , David Evans

Many software products are composed of components integrated from other teams or external parties. Each additional link in a software product's supply chain increases the risk of the injection of malicious behavior. To improve supply chain…

Software Engineering · Computer Science 2025-03-31 Kelechi G. Kalu , Tanya Singla , Chinenye Okafor , Santiago Torres-Arias , James C. Davis

Verifiable credentials are a digital analogue of physical credentials. Their authenticity and integrity are protected by means of cryptographic techniques, and they can be presented to verifiers to reveal attributes or even predicates about…

Cryptography and Security · Computer Science 2024-01-17 Andrea Flamini , Giada Sciarretta , Mario Scuro , Amir Sharif , Alessandro Tomasi , Silvio Ranise

Most of the security services in the connected world of cyber-physical systems necessitate authenticating a large number of nodes privately. In this paper, the private authentication problem is considered which consists of a certificate…

Information Theory · Computer Science 2022-09-13 Narges Kazempour , Mahtab Mirmohseni , Mohammad Reza Aref

Security issues are the most challenging problems in cloud computing environments as an emerging technology. Regarding to this importance, an efficient and reliable user authentication and data protection model has been presented in this…

Distributed, Parallel, and Cluster Computing · Computer Science 2015-08-10 Mohammad Ahmadi , Mostafa Vali , Farez Moghaddam , Aida Hakemi , Kasra Madadipouya

Signcryption is a cryptographic primitive which performs encryption and signature in a single logical step. In conventional signcryption only receiver of the signcrypted text can verify the authenticity of the origin i.e. signature of the…

Cryptography and Security · Computer Science 2011-07-12 Prashant Kushwah , Sunder Lal

A trusted execution environment (TEE) such as Intel Software Guard Extension (SGX) runs a remote attestation to prove to a data owner the integrity of the initial state of an enclave, including the program to operate on her data. For this…

Cryptography and Security · Computer Science 2020-07-22 Weijie Liu , Wenhao Wang , Xiaofeng Wang , Xiaozhu Meng , Yaosong Lu , Hongbo Chen , Xinyu Wang , Qingtao Shen , Kai Chen , Haixu Tang , Yi Chen , Luyi Xing

Decision support systems are increasingly adopted to automate decision-making processes across industries, organizations, and governments. Decision support demands data privacy, integrity, and availability while ensuring customization,…

Cryptography and Security · Computer Science 2026-04-23 Edoardo Marangone , Eugenio Nerio Nemmi , Daniele Friolo , Giuseppe Ateniese , Ingo Weber , Claudio Di Ciccio

Binary verification plays a pivotal role in software security, yet building a verification service that is both open and trustworthy poses a formidable challenge. In this paper, we introduce a novel binary verification service, AGORA,…

Cryptography and Security · Computer Science 2025-10-14 Hongbo Chen , Quan Zhou , Sen Yang , Xing Han , Fan Zhang , Danfeng Zhang , Xiaofeng Wang

Redactable Signature Schemes and Zero-Knowledge Proofs are two radically different approaches to enable privacy. This paper analyses their merits and drawbacks when applied to decentralized identity system. Redactable Signatures, though…

Cryptography and Security · Computer Science 2023-10-25 Bryan Kumara , Mark Hooper , Carsten Maple , Timothy Hobson , Jon Crowcroft

A growing framework of legal and ethical requirements limit scientific and commercial evalua-tion of personal data. Typically, pseudonymization, encryption, or methods of distributed com-puting try to protect individual privacy. However,…

Cryptography and Security · Computer Science 2018-11-21 Nikolaus von Bomhard , Bernd Ahlborn , Catherine Mason , Ulrich Mansmann

The management of identities on the Internet has evolved from the traditional approach (where each service provider stores and manages identities) to a federated identity management system (where the identity management is delegated to a…

Cryptography and Security · Computer Science 2016-12-07 Muhammad Rizwan Asghar , Michael Backes , Milivoj Simeonovski

Individuals are encouraged to prove their eligibility to access specific services regularly. However, providing various organizations with personal data spreads sensitive information and endangers people's privacy. Hence, privacy-preserving…

Cryptography and Security · Computer Science 2022-12-27 Mina Namazi , Duncan Ross , Xiaojie Zhu , Erman Ayday

Software composition analysis (SCA) denotes the process of identifying open-source software components in an input software application. SCA has been extensively developed and adopted by academia and industry. However, we notice that the…

Software Engineering · Computer Science 2024-12-03 Huaijin Wang , Zhibo Liu , Yanbo Dai , Shuai Wang , Qiyi Tang , Sen Nie , Shi Wu
‹ Prev 1 2 3 10 Next ›