Publications catalogue - books


Information Security: 9th International Conference; ISC 2006, Samos Island, Greece, August 30 - September 2, 2006, Proceedings

Sokratis K. Katsikas ; Javier López ; Michael Backes ; Stefanos Gritzalis ; Bart Preneel (eds.)

In conference: 9th International Conference on Information Security (ISC). Samos, Greece. August 30, 2006 - September 2, 2006

Abstract/Description – provided by the publisher

Not available.

Keywords – provided by the publisher

Data Encryption; Operating Systems; Algorithm Analysis and Problem Complexity; Computer Communication Networks; Special Purpose and Application-Based Systems; Management of Computing and Information Systems

Availability
Detected institution | Year of publication | Browse | Download | Request
Not detected 2006 SpringerLink

Information

Resource type:

books

Print ISBN

978-3-540-38341-3

Electronic ISBN

978-3-540-38343-7

Publisher

Springer Nature

Country of publication

United Kingdom

Publication date

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Table of contents

Extending .NET Security to Unmanaged Code

Patrick Klinkoff; Christopher Kruegel; Engin Kirda; Giovanni Vigna

The number of applications that are downloaded from the Internet and executed on-the-fly is increasing every day. Unfortunately, not all of these applications are benign, and, often, users are unsuspecting and unaware of the intentions of a program. To facilitate and secure this growing class of mobile code, Microsoft introduced the .NET framework, a new development and runtime environment where machine-independent byte-code is executed by a virtual machine. An important feature of this framework is that it allows access to native libraries to support legacy code or to directly invoke the Windows API. Such native code is called (as opposed to code). Unfortunately, the execution of unmanaged native code is not restricted by the .NET security model, and, thus, provides the attacker with a mechanism to completely circumvent the framework’s security mechanisms.

The approach described in this paper uses a sandboxing mechanism to prevent an attacker from executing malicious, unmanaged code that is not permitted by the security policy. Our sandbox is implemented as two security layers, one on top of the Windows API and one in the kernel. Also, managed and unmanaged parts of an application are automatically separated and executed in two different processes. This ensures that potentially unsafe code can neither issue system calls not permitted by the .NET security policy nor tamper with the memory of the .NET runtime. Our proof-of-concept implementation is transparent to applications and secures unmanaged code with a generally acceptable performance penalty. To the best of our knowledge, the presented architecture and implementation is the first solution to secure unmanaged code in .NET.

- Software Security | Pp. 1-16

Transparent Run-Time Prevention of Format-String Attacks Via Dynamic Taint and Flexible Validation

Zhiqiang Lin; Nai Xia; Guole Li; Bing Mao; Li Xie

Format-string attack is one of the few truly threats to software security. Many previous methods for addressing this problem rely on program source code analysis or special recompilation, and hence exhibit limitations when applied to protect the source code unavailable software. In this paper, we present a transparent run-time approach to the defense against format-string attacks via dynamic taint and flexible validation. By leveraging library interposition and ELF binary analysis, we taint all the untrusted user-supplied data as well as their propagations during program execution, and add a security validation layer to the -family functions in C Standard Library in order to enforce a flexible policy to detect the format string attack on the basis of whether the format string has been tainted and contains dangerous format specifiers. Compared with other existing methods, our approach offers several benefits. It does not require the knowledge of the application or any modification to the program source code, and can therefore also be used with legacy applications. Moreover, as shown in our experiment, it is highly effective against the most types of format-string attacks and incurs low performance overhead.

- Software Security | Pp. 17-31

Low Latency Anonymity with Mix Rings

Matthew Burnside; Angelos D. Keromytis

We introduce , a novel peer-to-peer mixnet architecture for anonymity that yields low-latency networking compared to existing mixnet architectures. A mix ring is a cycle of continuous-time mixes that uses carefully coordinated cover traffic and a simple fan-out mechanism to protect the initiator from timing analysis attacks. Key features of the mix ring architecture include decoupling path creation from data transfer, and a mechanism to vary the cover traffic rate over time to prevent bandwidth overuse. We analyze the architecture with respect to other peer-to-peer anonymity systems – onion routing and batching mixnets – and we use simulation to demonstrate performance advantages of nearly 40% over batching mixnets while protecting against a wider variety of adversaries than onion routing.

- Privacy and Anonymity | Pp. 32-45

Breaking Four Mix-Related Schemes Based on Universal Re-encryption

George Danezis

Universal Re-encryption allows El-Gamal ciphertexts to be re-encrypted without knowledge of their corresponding public keys. This has made it an enticing building block for anonymous communications protocols. In this work we analyze four schemes related to mix networks that make use of Universal Re-encryption and find serious weaknesses in all of them. The Universal Re-encryption of signatures is open to existential forgery, and the two mix schemes can be fully compromised by a passive adversary observing a single message close to the sender. The fourth scheme, the rWonGoo anonymous channel, turns out to be less secure than the original Crowds scheme, on which it is based. Our attacks make extensive use of unintended ‘services’ provided by the network nodes acting as decryption and re-routing oracles. Finally, our attacks against rWonGoo demonstrate that anonymous channels are not automatically composable: using two of them in a careless manner makes the system more vulnerable to attack.

- Privacy and Anonymity | Pp. 46-59

Weak -Anonymity: A Low-Distortion Model for Protecting Privacy

Maurizio Atzori

Sharing microdata tables is a primary concern in today's information society. Privacy issues can be an obstacle to the free flow of such information. In recent years, disclosure control techniques have been developed to modify microdata tables in order to be anonymous. The -anonymity framework has been widely adopted as a standard technique to remove links between publicly available identifiers (such as full names) and sensitive data contained in the shared tables. In this paper we give a definition of -anonymity, allowing lower distortion on the anonymized data. We show that, under the hypothesis in which the adversary is not sure a priori about the presence of a person in the table, the privacy properties of -anonymity are respected also in the framework. Experiments on real-world data show that our approach outperforms -anonymity in terms of distortion introduced in the released data by the algorithms to enforce anonymity.

- Privacy and Anonymity | Pp. 60-71

Protecting Data Privacy Through Hard-to-Reverse Negative Databases

Fernando Esponda; Elena S. Ackley; Paul Helman; Haixia Jia; Stephanie Forrest

The paper extends the idea of negative representations of information for enhancing privacy. Simply put, a set of data elements can be represented in terms of its complement set. That is, all the elements not in are depicted and itself is not explicitly stored.

review the negative database () representation scheme for storing a negative image compactly and propose a design for depicting a multiple record using a collection of s—in contrast to the single approach of previous work. Finally, we present a method for creating negative databases that are hard to reverse in practice, i.e., from which it is hard to obtain , by adapting a technique for generating 3-SAT formulas.

- Privacy and Anonymity | Pp. 72-84

Related-Key Rectangle Attack on 42-Round SHACAL-2

Jiqiang Lu; Jongsung Kim; Nathan Keller; Orr Dunkelman

Based on the compression function of the hash function standard SHA-256, SHACAL-2 is a 64-round block cipher with a 256-bit block size and a variable length key of up to 512 bits. In this paper, we present a related-key rectangle attack on 42-round SHACAL-2, which requires 2 related-key chosen plaintexts and has a running time of 2. This is the best currently known attack on SHACAL-2.

- Block Ciphers and Hash Functions | Pp. 85-100

On the Collision Resistance of RIPEMD-160

Florian Mendel; Norbert Pramstaller; Christian Rechberger; Vincent Rijmen

In this article, the RIPEMD-160 hash function is studied in detail. To analyze the hash function, we have extended existing approaches and used recent results in cryptanalysis. While RIPEMD and RIPEMD-128 reduced to 3 rounds are vulnerable to the attack, it is not feasible for RIPEMD-160. Furthermore, we present an analytical attack on a round-reduced variant of the RIPEMD-160 hash function. To the best of our knowledge this is the first article that investigates the impact of recent advances in cryptanalysis of hash functions on RIPEMD-160.

- Block Ciphers and Hash Functions | Pp. 101-116

Blind Ring Signatures Secure Under the Chosen-Target-CDH Assumption

Javier Herranz; Fabien Laguillaumie

Blind signatures are a useful ingredient to design secure sophisticated systems like electronic voting or sensitive applications like e-cash. Multi-users signature schemes, like ring or group signatures, are also a useful tool to provide to such systems some properties like scalability, anonymity, (dynamic) group structure, revocation facilities... We propose in this article a simple blind ring signature scheme based on pairings on algebraic curves. We formally prove the security (anonymity, blindness and unforgeability) of our scheme in the random oracle model, under quite standard assumptions.

- Digital Signatures | Pp. 117-130

Multi-party Concurrent Signatures

Dongvu Tonien; Willy Susilo; Reihaneh Safavi-Naini

The concept of concurrent signatures was introduced by Chen, Kudla and Paterson at Eurocrypt 2004. In a concurrent signature scheme, users sign their messages in an ambiguous way so that the signatures are only verifiable by the users themselves by any other outsiders. At a later stage, one of the users releases an extra bit of information called the , then all the signatures become binding to their signers concurrently. At this stage, any outsider can verify the signatures. Chen, Kudla and Paterson proposed a concurrent signature scheme for users. Recently, Susilo and Mu constructed a scheme for users. It is an open problem to construct concurrent signature schemes for multi users. In this paper, we answer this open problem affirmatively. Using techniques of ring signatures and bilinear pairings, we construct a concurrent signature scheme for multi-users.

- Digital Signatures | Pp. 131-145