A Client Bootstrapping Protocol for DoS Attack Mitigation on Entry Point Services in the Cloud

Hussain M. J. Almohri, Mohammad Almutawa, Mahmoud Alawadh, Karim Elish
2020 Security and Communication Networks  
This paper presents a client bootstrapping protocol for proxy-based moving target defense system for the cloud.  ...  The protocol establishes the identity of prospective clients who intend to connect to web services behind obscure proxy servers in a cloud-based network.  ...  denial-of-service attacks on initial network entry points.  ... 
doi:10.1155/2020/8873258 fatcat:lfopwrau55adpm6rhbcxswwqei

CloudTransport: Using Cloud Storage for Censorship-Resistant Networking [chapter]

Chad Brubaker, Amir Houmansadr, Vitaly Shmatikov
2014 Lecture Notes in Computer Science  
Because the traffic generated by these systems is disjoint from normal network traffic, it is easy to recognize and block, and once the censors identify network servers (e.g., Tor bridges) assisting in  ...  N66001-11-C-4018, NSF grant CNS-0746888, and a Google research award.  ...  Acknowledgements This research was supported by the Defense Advanced Research Projects Agency (DARPA) and SPAWAR Systems Center Pacific, Contract No.  ... 
doi:10.1007/978-3-319-08506-7_1 fatcat:4o5kvnfrxvgfndvj3si446vxj4

ADRCN: A Framework to Detect and Mitigate Malicious Insider Attacks in Cloud-Based Environment on IaaS

Priya Oberoi, Sumit Mittal, Rajneesh Kumar Gujral
2019 International journal of mathematical, engineering and management sciences  
Authenticated Dynamic Routing in Cloud Networks (ADRCN) to mitigate the malicious insider attacks while maintaining the path integrity in the Clouds.  ...  This work aims to give a solution for detection and prevention of malicious insider attacks in Cloud-based environments.  ...  We extend our sincere thanks to them for the unconditional support.  ... 
doi:10.33889//ijmems.2019.4.3-052 fatcat:e74ixy2f5ngddl2hwtdj3cwmda

Moving Target Defense for Cloud Infrastructures: Lessons from Botnets [chapter]

Wei Peng, Feng Li, Xukai Zou
2013 High Performance Cloud Auditing and Applications  
While providing elasticity to clients through on-demand service and cost-effectiveness to service providers through efficient resource allocation, current cloud infrastructures are largely homogeneously  ...  This leaves ample opportunities for attackers to reconnoiter and penetrate the security perimeter of cloud services.  ...  In a cloud infrastructure, the entry is usually the web-service-based management gateway.  ... 
doi:10.1007/978-1-4614-3296-8_2 fatcat:fh4ki3lduzf53dm2j5gyv6o7hm

Security of IoT Application Layer Protocols: Challenges and Findings

Giuseppe Nebbione, Maria Carla Calzarossa
2020 Future Internet  
More specifically, the paper focuses on the most popular protocols devised in IoT environments for messaging/data sharing and for service discovery.  ...  In this framework, the security of application layer protocols is of paramount importance since these protocols are at the basis of the communications among applications and services running on different  ...  Conflicts of Interest: The authors declare no conflict of interest.  ... 
doi:10.3390/fi12030055 fatcat:3v2rtjgfcvdwxds2bhm7hfdwna

A Security Reference Architecture for Blockchains [article]

Ivan Homoliak, Sarad Venugopalan, Qingze Hum, Pawel Szalachowski
2019 arXiv   pre-print
In contrast to the previous surveys, we focus on the categorization of security incidents based on their origins and using the proposed architecture we present existing prevention and mitigation techniques  ...  Due to their interesting features, blockchains have become popular in recent years. They are full-stack systems where security is a critical factor for their success.  ...  Client-side wallets do not expose private keys to a centralized party, but they still trust in the online interface provided by such a party, and moreover, their availability is dependent on such a party  ... 
arXiv:1904.06898v1 fatcat:aa3p3x6dy5fidlodgy3ak5twru

Protecting Insecure Communications with Topology-aware Network Tunnels

Georgios Kontaxis, Angelos D. Keromytis
2016 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16  
TNT is not a substitute for TLS. We determine that popular web destinations are collocated in a small set of networks with 10 autonomous systems hosting 66% of traffic.  ...  The strategic placement of network tunnels, gathering of network intelligence and routing decisions of the TNT architecture are not found in VPN services, network proxies or Tor.  ...  Kemerlis and Michalis Polychronakis for early discussions and feedback. This work was supported in part by the National Science Foundation through Grant CNS-13-18415.  ... 
doi:10.1145/2976749.2978305 dblp:conf/ccs/KontaxisK16 fatcat:bybuzblukrh3flqqa6itqfr3xq

Toward Scalable Fully Homomorphic Encryption Through Light Trusted Computing Assistance [article]

Wenhao Wang, Yichen Jiang, Qintao Shen, Weihao Huang, Hao Chen, Shuang Wang, XiaoFeng Wang, Haixu Tang, Kai Chen, Kristin Lauter, Dongdai Lin
2019 arXiv   pre-print
In this paper we propose a hybrid solution that uses the latest hardware Trusted Execution Environments (TEEs) to assist FHE by moving the bootstrapping step, which is one of the major obstacles in designing  ...  While fully homomorphic encryption (FHE) is a promising technique that allows computations performed on the encrypted data, it suffers from a significant slow down to the computation.  ...  The entries from the task queue and data map are matched through their client ID. A thread pool is created in advance to keep track of the bootstrapping threads inside an SGX enclave.  ... 
arXiv:1905.07766v1 fatcat:e5h56qsfoneyzlob2wlzg4j6fi

Scaling pseudonymous authentication for large mobile systems

Mohammad Khodaei, Hamid Noroozi, Panos Papadimitratos
2019 Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks - WiSec '19  
Our full-blown implementation on the Google Cloud Platform shows that deploying large-scale and efficient VPKI can be cost-effective.  ...  in the presence of benign failures or resource depletion attacks, and that it dynamically scales out, or possibly scales in, according to request arrival rates.  ...  ACKNOWLEDGEMENT Work supported by the Swedish Foundation for Strategic Research (SSF) SURPRISE project and the KAW Academy Fellowship Trustworthy IoT project.  ... 
doi:10.1145/3317549.3323410 dblp:conf/wisec/KhodaeiNP19 fatcat:mfdm5wl7tjdbdkqknzczldeujq

SoK: An Analysis of Protocol Design: Avoiding Traps for Implementation and Deployment [article]

Tobias Fiebig, Franziska Lichtblau, Florian Streibelt, Thorben Krueger, Pieter Lexis, Randy Bush, Anja Feldmann
2016 arXiv   pre-print
In this paper we provide a systematization of the security traps found in common Internet protocols.  ...  A classical example is insufficiently strict authentication requirements in a protocol specification.  ...  However, since services have to be reachable they have to allow some access. This access often turns out to be the entry point for attacks.  ... 
arXiv:1610.05531v1 fatcat:vaybjuis7rcnrnhlaetdhql6au

The fifteen year struggle of decentralizing privacy-enhancing technology [article]

Rolf Jagerman, Wendo Sabée, Laurens Versluis, Martijn de Vos, Johan Pouwelse
2014 arXiv   pre-print
To do so, we use one exemplary network, the Tor network.  ...  The Tor network is used as a key comparison network in the main part of the report: a tabular overview of the major anonymous networking technologies in use today.  ...  It is possible to perform a denial of service attack on well used entry nodes, forcing Tor clients to choose a new one. This improves the chance that a Tor client chooses a malicious entry node.  ... 
arXiv:1404.4818v1 fatcat:7yfg6ske2fhybodp665gtkflny

Intel SGX Enabled Key Manager Service with OpenStack Barbican [article]

Somnath Chakrabarti, Brandon Baker, Mona Vij
2017 arXiv   pre-print
While there is desire to use encryption, various cloud components do not want to deal with key management, which points to a strong need for a separate key management system.  ...  In addition, the API provides support for mutual attestation for Intel SGX enabled clients, multi-user key distribution, and extensions for protecting the confidentiality and integrity of the backend database  ...  ACKNOWLEDGMENTS Many thanks to Michael Steiner, Nilesh Somani, Shweta Shinde and Sudha Krishnakumar and many other reviewers for their valuable feedback on this paper.  ... 
arXiv:1712.07694v1 fatcat:43qe52kc2ja7ne4l5pcvmzrghe

Oblivious DNS over HTTPS (ODoH): A Practical Privacy Enhancement to DNS

Sudheesh Singanamalla, Suphanat Chunhapanya, Jonathan Hoyland, Marek Vavruša, Tanya Verma, Peter Wu, Marwan Fayed, Kurtis Heimerl, Nick Sullivan, Christopher Wood
2021 Proceedings on Privacy Enhancing Technologies  
In this paper we implement and deploy interoperable instantiations of the protocol, construct a corresponding formal model and analysis, and evaluate the protocols' performance with wide-scale measurements  ...  Results suggest that ODoH is a practical privacy-enhancing replacement for DNS.  ...  In addition, Anbang Wen for the work to harden and transition ODoH services to production at Cloudflare, Joost Van Dijk for operating a production ODoH proxy at SURF NL, Stephen Spencer at UW CSE for provisioning  ... 
doi:10.2478/popets-2021-0085 fatcat:gpk3r3bmazcf3owtdlmup5t3fm

Trust extension for commodity computers

Bryan Parno
2012 Communications of the ACM  
This failure was due, in part, to the absence of support for Ethernet, a feature considered crucial by the time the kernel was completed but not anticipated when originally designed. 11 key insights improving  ...  Verifiable computation allows a client to outsource the computation of a function and efficiently verify the results returned while keeping inputs and outputs private; constraining the way the worker/server  ...  Acknowledgments This article is based on my Ph.D. dissertation, 21 though much of the research it describes was conducted in collaboration with my advisor Adrian Perrig at Carnegie Mellon University,  ... 
doi:10.1145/2184319.2184339 fatcat:oxr7zwebyjhelpxt2quhbn5oai

The Security Reference Architecture for Blockchains: Towards a Standardized Model for Studying Vulnerabilities, Threats, and Defenses [article]

Ivan Homoliak, Sarad Venugopalan, Qingze Hum, Daniel Reijsbergen, Richard Schumi, Pawel Szalachowski
2020 arXiv   pre-print
Blockchains are distributed systems, in which security is a critical factor for their success.  ...  We propose the security reference architecture (SRA) for blockchains, which adopts a stacked model (similar to the ISO/OSI) describing the nature and hierarchy of various security and privacy aspects.  ...  The stacked model was also applied in cloud computing, referred to as cloud stack [276] , in which, each layer represents one service model in the model's hierarchy.  ... 
arXiv:1910.09775v2 fatcat:xvxnekjhtbbt7dc4b3kxy3m6xi