On Distributed Security Transactions that Use Secure Transport Protocols
نویسندگان
چکیده
In this paper we consider techniques for designing and analysing distributed security transactions. We present a layered approach, with a highlevel security transaction layer running on top of a lower-level secure transport protocol. The secure transport protocol provides protection against dishonest outsiders, while the transaction layer can be designed to provide protection against dishonest insiders. We give examples of this layered approach, with the aim of demonstrating that the separation of concerns allows for a cleaner, more intuitive design. We consider how to analyse such a layered security architecture.
منابع مشابه
Provably secure and efficient identity-based key agreement protocol for independent PKGs using ECC
Key agreement protocols are essential for secure communications in open and distributed environments. Recently, identity-based key agreement protocols have been increasingly researched because of the simplicity of public key management. The basic idea behind an identity-based cryptosystem is that a public key is the identity (an arbitrary string) of a user, and the corresponding private key is ...
متن کاملA Complete Secure Transport Service in the Internet
designed for the COMANDOS1 [1] distributed operating system platform, which may run on bare machines or over UNIX environments, using Internet protocols as a communication infrastructure. A secure transport service for secure communications between kernels was developed. As kernels use different transport protocols like TCP and UDP in broadcast, we implemented a general secure transport service...
متن کاملA Distributed Approach to Security in Sensornets
Secure communication is an important aspect of any network and it has largely remained unexplored in wireless sensor networks (WSN). Security becomes a major challenge because of ad-hoc and resource constrained nature of sensor networks. In this paper we present a scalable and distributed security protocol, DSPS, for WSN that fits in between the network and the transport layers. DSPS satisfies ...
متن کاملVerified Contributive Channel Bindings for Compound Authentication
Compound authentication protocols, such as EAP in IKEv2 or SASL over TLS, bind application-level authentication to a transport-level authenticated channel in order to obtain strong composite authentication under weak trust assumptions. Despite their wide deployment, these protocols remain poorly understood, leading to several credential forwarding man-in-themiddle attacks. We present formal mod...
متن کاملLeveraging attestation techniques for trust establishment in distributed systems
English) As the complexity of current software systems increases, we see a correlative increase in the number of discovered vulnerabilities. These vulnerabilities, once exploited, allow an attacker to surreptitiously install subversive programs, such as malware and spyware, that can eavesdrop, record and distribute a user’s actions, passwords, credit card information, bids in auctions or other ...
متن کامل