Efficient, compromise resilient and compact cryptographic constructions for digital forensics
Başlık çevirisi mevcut değil.
- Tez No: 400973
- Danışmanlar: DR. PENG NING
- Tez Türü: Doktora
- Konular: Bilgisayar Mühendisliği Bilimleri-Bilgisayar ve Kontrol, Computer Engineering and Computer Science and Control
- Anahtar Kelimeler: Belirtilmemiş.
- Yıl: 2011
- Dil: İngilizce
- Üniversite: North Carolina State University
- Enstitü: Yurtdışı Enstitü
- Ana Bilim Dalı: Belirtilmemiş.
- Bilim Dalı: Belirtilmemiş.
- Sayfa Sayısı: 114
Özet
Özet yok.
Özet (Çeviri)
Audit logs are a fundamental digital forensic mechanism for providing security in computer systems; they are used to keep track of important events regarding the system activities. In current large distributed systems, protecting audit logs is a challenging task, especially in the presence of active attackers. It is critical for such a system to be compromise-resilient (i.e., having forward security and append-only integrity properties) such that when an attacker compromises a logging machine, she cannot forge or selectively delete the log entries accumulated before the compromise. Unfortunately, existing secure audit logging schemes have limitations that make them impractical for real-life applications: On the one hand, the symmetric schemes are not publicly verifiable, demand high storage, require online Trusted Third Party (TTP) support, and are also vulnerable to certain attacks. On the other hand,Public Key Cryptography (PKC)-based schemes require several Expensive Operations (ExpOps) (e.g., pairing), and thus are impractical for task-intensive and/or resource-constrained systems. In this dissertation, we address the above problems by developing a series of novel cryptographic constructions that achieve the most desirable properties of both symmetric and PKC-based schemes simultaneously. First, we propose a new class of signature schemes for Unattended Wireless Sensor Networks (UWSN) called Hash-Based Sequential Aggregate and Forward-Secure Signature (HaSAFSS). Using existing verification delays as an opportunity to introduce asymmetry, HaSAFSS schemes achieve high efficiency, while still preserving public verifiability, forward security and compactness. The HaSAFSS schemes are the only schemes in which both signers and verifiers get equal benefits of computational efficiency. Symmetric HaSAFSS (Sym-HaSAFSS) and Elliptic Curve Cryptography-based HaSAFSS (ECC-HaSAFSS) achieve the optimal (constant) signer and optimal verifier storage efficiency, respectively. Self-SUstaining HaSAFSS (SU-HaSAFSS) achieves an optimal storage at both the signer and the verifier sides by introducing a little more computation overhead. Second, we develop a novel forward-secure and aggregate signature scheme called Blind-Aggregate- Forward (BAF) to address the secure audit logging needs of resource-constrained devices. BAF can address both real-time and non-real-time applications by achieving the public verifiability without requiring any online TTP support or time factor. BAF is the only scheme that can produce a publicly verifiable signature with very low computational, storage, and communication costs for the loggers. Moreover, a variant of BAF (i.e., Fast-Immutable BAF) enables fine-grained log verification by preserving the optimal logger efficiency and security. Third, we propose a new signature scheme called Log Forward-secure and Append-only Signature (LogFAS) to address the secure logging needs of task-intensive applications with a large number of loggers. LogFAS is the only secure audit logging scheme that can verify L log entries with always a small and constant number of ExpOps regardless of the value of L. It is also the only alternative in which each verifier stores only a small and constant size public key independent from the number of loggers and the number of log entries to be verified. In addition, a variation of LogFAS can identify the corrupted log entries with a sub-linear number of ExpOps when most entries are intact. We prove that all of our schemes are secure under appropriate computational assumptions (in the random oracle model). We also show that they are significantly more efficient and practical than all the previous cryptographic secure audit logging schemes.
Benzer Tezler
- Strategies for connectivity issues, fault tolerance, and device authentication in drone networks
Dron ağlarında bağlantı konuları, hata toleransı ve cihaz yetkilendirme için stratejiler
UMUT CAN ÇABUK
Doktora
İngilizce
2022
Bilgisayar Mühendisliği Bilimleri-Bilgisayar ve KontrolEge ÜniversitesiUluslararası Bilgisayar Ana Bilim Dalı
DOÇ. DR. ORHAN DAĞDEVİREN
DOÇ. DR. GÖKHAN DALKILIÇ
- A support vector machine-based approach for southbound communication detection in SDN using openflow
Openflow kullanarak SDN'de güney yönlü iletişim tespiti için destek vektör makinesi tabanlı bir yaklaşım
ALİ GÖKHAN AVRAN
Yüksek Lisans
İngilizce
2024
Bilgisayar Mühendisliği Bilimleri-Bilgisayar ve Kontrolİstanbul Teknik ÜniversitesiBilgisayar Mühendisliği Ana Bilim Dalı
DR. ÖĞR. ÜYESİ GÖKHAN SEÇİNTİ
- The effect of time dimension and network dynamics on key distribution in wireless sensor networks
Zaman boyutu ve ağ dinamiklerinin kablosuz duyarga ağlarında anahtar paylaşımına etkisi
ÖMER ZEKVAN YILMAZ
Yüksek Lisans
İngilizce
2009
Bilgisayar Mühendisliği Bilimleri-Bilgisayar ve KontrolSabancı ÜniversitesiBilgisayar Mühendisliği Bölümü
DOÇ. DR. ALBERT LEVİ
- A secure and reliable communication platform for the smart grid
Başlık çevirisi yok
KUBİLAY DEMİR
Doktora
İngilizce
2017
Bilgisayar Mühendisliği Bilimleri-Bilgisayar ve KontrolTechnische Universität DarmstadtProf. NEERAJ SURI
- Rostam: A passwordless web single sign-on solution integrating credential manager and federated identity systems
Rostam: Kimlik yöneticisi ve federasyonlu kimlik sistemlerini entegre eden şifresiz bir web tek oturum açma çözümü
AMIN MAHNAMFAR
Yüksek Lisans
İngilizce
2023
Bilgisayar Mühendisliği Bilimleri-Bilgisayar ve Kontrolİstanbul Teknik ÜniversitesiBilişim Uygulamaları Ana Bilim Dalı
PROF. DR. KEMAL BIÇAKCI