Goals Of Confidentiality Research Articles

A Survey and Analysis of TLS Interception Mechanisms and Motivations: Exploring how end-to-end TLS is made “end-to-me” for web traffic

TLS is an end-to-end protocol designed to provide confidentiality and integrity guarantees that improve end-user security and privacy. While TLS helps defend against pervasive surveillance of intercepted unencrypted traffic, it also hinders several common beneficial operations typically performed by middleboxes on the network traffic. Consequently, various methods have been proposed that “bypass” the confidentiality goals of TLS by playing with keys and certificates essentially in a man-in-the-middle solution, as well as new proposals that extend the protocol to accommodate third parties, delegation schemes to trusted middleboxes, and fine-grained control and verification mechanisms. We first review the use cases expecting plain HTTP traffic and discuss the extent to which TLS hinders these operations. We retain 19 scenarios where access to unencrypted traffic is still relevant and evaluate the incentives of the stakeholders involved. Second, we survey 30 schemes by which TLS no longer delivers end-to-end security and by which the notion of an “end” changes, including caching middleboxes such as Content Delivery Networks. Finally, we compare each scheme based on deployability and security characteristics and evaluate their compatibility with the stakeholders’ incentives. Our analysis leads to a number of key findings, observations, and research questions that we believe will be of interest to practitioners, policy makers, and researchers.

Data Classification for Secure Mobile Health Data Collection Systems

Data collected in Mobile Health Data Collections Systems (MHDCS) are diverse, both in terms of type and value. This calls for different data protection measures to meet security goals of confidentiality, integrity, and availability. The majority of commonly used open-source MHDCS track and monitor individuals over a while. It is therefore important to have sensitive data defined and proper security measures identified. We propose a data classification model as a basis for secure design and implementation. Our method combines interviews with case studies. The case studies focused on three of the widely used MHDCS platforms in low-resource settings; that is Muzima, Open Data Kit (ODK), and District Health Information Software (DHIS) 2 Tracker Capture. Interviews with domain experts helped define the sensitivity of data in MHDCS. The proposed data classification model provides for three sensitivity levels: public, confidential, and critical. The model uses context information and multiple parameters as inputs to a classification scheme that maps data to sensitivity levels. The generated data classifications are intended to guide developers and users to build security into MHDCS starting from the early stages of the software development life cycle.

A data privacy approach for cyber-physical systems

The European General Data Protection Regulation (GDPR), which has been in effect since 25th May, 2018, tightens the requirements regarding data protection for anyone collecting or processing personal data within the European Union (EU) and is connected with heavy fines in case of violations. The topic of data privacy for cyber-physical systems and the related requirements towards development and operation are, however, not new. Many regional laws and regulations pursuing the goals of confidentiality, integrity, availability, storage and purpose limitation, minimisation, transparency and accuracy of personal data have already been in place long before the introduction of the GDPR. But for many companies, dealing with the formal requirements defined by the GDPR is a new and challenging task. We developed a clearly structured approach based on established and proven workflows aimed at integrating data protection topics into existing development processes and thereby achieving compliance with data protection regulations. This approach follows the widely used V-model for development and is inspired by concepts from functional safety development. Both the discipline of functional safety and that of data privacy aim to protect the end-user against harm caused by malfunctions of the system they are using. In the first case this refers to physical harm, while in the second to harm due to violations of fundamental rights and freedoms of natural persons. In the age of digitalisation there are currently indications for a paradigm shift that puts both kinds of harm on the same level. The approach starts by defining the scope of collection and processing of private data as well as the relevant functions and interfaces. Based on this, the threats related to the loss or breach of personal data are analysed and corresponding goals are formulated. A high-level strategy for reaching those goals and preventing data privacy infringements is then derived. This strategy is further refined into concrete technical and process solutions for which verification and validation criteria are defined.

Signcryption Method Suitable for Low-Power IoT Devices in a Wireless Sensor Network

Internet of Things (IoT) consists of scenarios in which real-world appliances, objects, animals or people with unique identifiers transfer data over an insecure wireless network to accomplish specific tasks without any physical interaction. To achieve the specified goal, wireless sensor networks (WSNs) are usually connected to the Internet and integrated as part of the IoT. In such environments, how to send a message securely from a sensor to an Internet host becomes an important issue for the successful functioning of the IoT. In this paper, a new, efficient, heterogeneous online/offline signcryption scheme is proposed. This scheme achieves the security goals of confidentiality, integrity, authentication, and nonrepudiation in a logical single step. In particular, its structure allows a sensor node in an identity-based cryptography (IBC) setup to send a message to an Internet host in a public key infrastructure (PKI) such that the heavy verification loads on low-power devices are mitigated. The proposed signcryption scheme is divided into the offline and the online signcrypt stages for further load mitigation. The first stage handles most part of computations in generating a ciphertext before knowing the message. Only a few operations are left for the second stage when the messages show up. This scheme is indistinguishable against adaptive chosen-ciphertext attacks under the computational Diffie–Hellman assumption, and is unforgeable against adaptive chosen-message attacks under the elliptic curve discrete logarithm assumption. As compared with other related works, the proposed scheme has lower computation costs on both the sensor and the host sides and is more power efficient and scalable for various IoT scenarios.

Toward Proper Authentication Methods in Electronic Medical Record Access Compliant to HIPAA and C.I.A. Triangle.

This paper examines various methods encompassing the authentication of users in accessing Electronic Medical Records (EMRs). From a methodological perspective, multiple authentication methods have been researched from both a desktop and mobile accessibility perspective. Each method is investigated at a high level, along with comparative analyses, as well as real world examples. The projected outcome of this examination is a better understanding of the sophistication required in protecting the vital privacy constraints of an individual's Protected Health Information (PHI). In understanding the implications of protecting healthcare data in today's technological world, the scope of this paper is to grasp an overview of confidentiality as it pertains to information security. In addressing this topic, a high level overview of the three goals of information security are examined; in particular, the goal of confidentiality is the primary focus. Expanding upon the goal of confidentiality, healthcare accessibility legal aspects are considered, with a focus upon the Health Insurance Portability and Accountability Act of 1996 (HIPAA). With the primary focus of this examination being access to EMRs, the paper will consider two types of accessibility of concern: access from a physician, or group of physicians; and access from an individual patient.

A new secure and efficient scheme for network mobility management

AbstractIn order to separate a host's identity from its location on the Internet, the Host Identity Protocol (HIP) was developed by the Internet Engineering Task Force as a mobility management solution. HIP provides a solid basis to enable secured mobility and multihoming features. Several extensions and proposals have been introduced in recent publications to improve the micro‐mobility features of HIP. Moreover, many other publications have dealt with the efficiency of Network Mobility (NEMO) management with HIP. However, the HIP‐based micro‐mobility management solutions adapted to NEMO scenario do not cover all security aspects requirements and still suffer from security flaws. Therefore, in this paper, a number of potential threats in the typical HIP with Rendez Vous Server are identified. A new secure and efficient scheme for network mobility management is also proposed to overcome the outlined ones. The proposed solution ensures strong authentication between network entities, reduces Denial of Service attacks, secures against Domain Name Server spoofing, reply, and eavesdropping attacks, and ensures end‐to‐end confidentiality and integrity protection. To analyze the security properties of the proposed scheme, we have performed automated formal specification and evaluation with the help of both the Automated Validation of Internet Security Protocols and Applications and the Security Protocol Animator, which have proved that authentication and confidentiality goals are achieved. Hence, the scheme is effective when an intruder is present. Copyright © 2014 John Wiley & Sons, Ltd.

User Perception of Security on Social Networking Sites Using Fuzzy Logic

Human nature often frowns on engaging or interacting with near strangers. However, on online social media networks, this is largely ignored. There is an open interaction among both known users and loosely-connected users, and as a result, the normal social barriers against interacting with strangers are lowered. This rather careless openness has resulted in the rampant increase in cybercrime and identity theft worldwide, awaiting a potential privacy disaster in the near future. Since users raise concerns about the privacy and the security of social media sites, there is the need to evaluate the perception that users have of the security on social media sites. This paper presents a technique for evaluating user perception of level of security on social networking sites using fuzzy logic. The inputs to the system were fuzzy sets representing linguistic variables for information security evaluation goals of confidentiality, integrity and availability. The IF-THEN rules were constructed using the Mamdani fuzzy reasoning technique and the defuzzification technique was done using the centroid technique. The implementation of the design was carried out using the MATLAB Fuzzy logic tool box. Using three of the popular online social networking sites namely, Facebook, Twitter and LinkedIn the results show a system that can effectively be employed to evaluate user perception of Information Security.

Soft constraint programming to analysing security protocols

Security protocols stipulate how the remote principals of a computer network should interact in order to obtain specific security goals. The crucial goals of confidentiality and authentication may be achieved in various forms, each of different strength. Using soft (rather than crisp) constraints, we develop a uniform formal notion for the two goals. They are no longer formalised as mere yes/no properties as in the existing literature, but gain an extra parameter, the security level. For example, different messages can enjoy different levels of confidentiality, or a principal can achieve different levels of authentication with different principals. The goals are formalised within a general framework for protocol analysis that is amenable to mechanisation by model checking. Following the application of the framework to analysing the asymmetric Needham-Schroeder protocol, we have recently discovered a new attack on that protocol as a form of retaliation by principals who have been attacked previously. Having commented on that attack, we then demonstrate the framework on a bigger, largely deployed protocol consisting of three phases, Kerberos.

Inductive verification of smart card protocols

An existing approach based on induction and theorem proving is tailored to the verification of security protocols that make use of smart cards. Smart cards are modelled operationally, hence only their functionalities, rather than their implementative technicalities, are of interest. The spy can steal certain smart cards, and clone others while learning their stored secrets. In terms of generality, the approach scales up to protocols that assume secure or insecure means between agents and smart cards, as well as to smart cards being PIN-operated or PIN-less. In terms of extensibility, new, application-dependent smart card functionalities can be easily included.The approach is demonstrated on the key distribution protocol designed by Shoup and Rubin [30], and the assumptions are studied that are necessary on the smart cards for the protocol goals to be met. It is found that, if the data buses of the smart cards are unreliable as to produce outputs in an unspecified order, then the protocol does not confirm to the peers its goals of confidentiality, authentication, and key distribution because of lack of explicitness. A simple fix is introduced and proved.

A trusted subject architecture for multilevel secure object-oriented databases

We address security in object-oriented database systems for multilevel secure environments. Such an environment consists of users cleared to various security levels, accessing information labeled with varying classifications. Our purpose is three-fold. First, we show how security can be naturally incorporated into the object model of computing so as to form a foundation for building multilevel secure object-oriented database management systems. Next, we show how such an abstract security model can be realized under a cost-effective, viable, and popular security architecture. Finally, we give security arguments based on trusted subjects and a formal proof to demonstrate the confidentiality of our architecture and approach. A notable feature of our solution is the support for secure synchronous write-up operations. This is useful when low level users want to send information to higher level users. In the object-oriented context, this is naturally modeled and efficiently accomplished through write-up messages sent by low level subjects. However, such write-up messages can pose confidentiality leaks (through timing and signaling channels) if the timing of the receipt and processing of the messages is observable to lower level senders. Such covert channels are a formidable obstacle in building high-assurance secure systems. Further, solutions to problems such as these have been known to involve various tradeoffs between confidentiality, integrity, and performance. We present a concurrent computation model that closes such channels while preserving the conflicting goals of confidentiality, integrity, and performance. Finally, we give a confidentiality proof for a trusted subject architecture and implementation and demonstrate that the trusted subject (process) cannot leak information in violation of multilevel security.

A Kernelized Architecture for Multilevel Secure Object-Oriented Databases Supporting Write-Up

This paper presents a kernelized architecture (i.e., an architecture in which no subject is exempted from the simple-security and *-properties) for multilevel secure (mls) object-oriented database management systems (DBMS's) which support write-up. Relational mls DBMS's typically do not allow write-up, due to integrity problems arising from the blind nature of write-up operations in these systems. In object-oriented DBMS's, on the other hand, sending messages upwards in the security lattice does not present an integrity problem because such messages will be processed by appropriate methods in the destination object. However, supporting write-up operations in object-oriented systems is complicated by the fact that such operations are no longer primitive; but can be arbitrarily complex and therefore can take arbitrary amounts of processing time. We focus on support for remote procedure call (RPC) based write-up operations. Dealing with the timing of such write-up operations consequently has broad implications on confidentiality (due to the possibility of signaling channels), integrity, and performance.We present an asynchronous computational model for mls object-oriented databases, which achieves the conflicting goals of confidentiality, integrity, and efficiency (performance). This requires concurrent computations to be generated within a user session, and for them to be scheduled so the net effect is logically that of a sequential (RPC-based) computation. Our work utilizes an underlying message filter security model to enforce mandatory confidentiality. We demonstrate how our computational model can be implemented within the framework of a kernelized architecture. In doing so, we present various intra-session and inter-session concurrency schemes. The intra-session schemes are concerned with the scheduling and management of concurrent computations generated within a user session, and we present conservative as well as aggressive scheduling algorithms. The inter-session schemes provide the traditional concurrency control functions of managing shared access to database objects, across user sessions.