Much of the power of modern Web comes from the ability of a Web page to combine content and JavaScript code from disparate servers on the same page. While the ability to create such mash-ups is attractive for both the user and the developer because of extra functionality, code inclusion effectively opens the hosting site up for attacks and poor programming practices within every JavaScript library or API it chooses to use. In other words, expressiveness comes at the price of losing control. To regain the control, it is therefore valuable to provide means for the hosting page to restrict the behavior of the code that the page may include. This paper presents ConScript, a client-side advice implementation for security, built on top of Internet Explorer 8. ConScript allows the hosting page to express fine-grained application-specific security policies that are enforced at runtime. In addition to presenting 17 widely-ranging security and reliability policies that ConScript enables, we also show how policies can be generated automatically through static analysis of server-side code or runtime analysis of client-side code. We also present a type system that helps ensure correctness of ConScript policies. To show the practicality of ConScript in a range of settings, we compare the overhead of ConScript enforcement and conclude that it is significantly lower than that of other systems proposed in the literature, both on micro-benchmarks as well as large, widely-used applications such as MSN, GMail, Google Maps, and Live Desktop.

/pdf/conscript-specifying-and-enforcing-fine-grained-security-45g7cxn6zj.pdf

ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser

Book review: Applied cryptography: Protocols, algorithms, and source code in C

Radio frequency identification (RFID) has been considered one of the imperative requirements for implementation of Internet-of-Things applications. It helps to solve the identification issues of the things in a cost-effective manner, but RFID systems often suffer from various security and privacy issues. To solve those issues for RFID systems, many schemes have been recently proposed by using the cryptographic primitive, called physically uncloneable functions (PUFs), which can ensure a tamper-evident feature. However, to the best of our knowledge, none of them has succeeded to address the problem of privacy preservation with the resistance of DoS attacks in a practical way. For instance, existing schemes need to rely on exhaustive search operations to identify a tag, and also suffer from several security and privacy related issues. Furthermore, a tag needs to store some security credentials (e.g., secret shared keys), which may cause several issues such as loss of forward and backward secrecy and large storage costs. Therefore, in this paper, we first propose a lightweight privacy-preserving authentication protocol for the RFID system by considering the ideal PUF environment. Subsequently, we introduce an enhanced protocol which can support the noisy PUF environment. It is argued that both of our protocols can overcome the limitations of existing schemes, and further ensure more security properties. By analyzing the performance, we have shown that the proposed solutions are secure, efficient, practical, and effective for the resource-constraint RFID tag.

/pdf/lightweight-and-practical-anonymous-authentication-protocol-zva1cukulp.pdf

Lightweight and Practical Anonymous Authentication Protocol for RFID Systems Using Physically Unclonable Functions

This paper critically examines some recently proposed RFID privacy models. It shows that some models suffer from weaknesses such as insufficient generality and unrealistic assumptions regarding the adversary's ability to corrupt tags. We propose a new RFID privacy model that is based on the notion of indistinguishability and that does not suffer from the identified drawbacks. We demonstrate the easy applicability of our model by applying it to multiple existing RFID protocols.

/pdf/a-new-rfid-privacy-model-201q5gnyzj.pdf

A new RFID privacy model

https://lirias.kuleuven.be/bitstream/123456789/309465/2/article-2028.pdf

A New RFID Privacy Model

Many RFID authentication protocols with randomized tag response have been proposed to avoid simple tag tracing. These protocols are symmetric in common due to the lack of computational power to perform expensive asymmetric cryptography calculations in low-cost tags. Protocols with constantly changing tag key have also been proposed to avoid more advanced tag tracing attacks. With both the symmetric and constantchanging properties, tag and reader re-synchronization is unavoidable as the key of a tag can be made desynchronized with the reader due to offline attacks or incomplete protocol runs. In this paper, our contribution is to classify these synchronized RFID authentication protocols into different types and then examine their highest achievable levels of privacy protections using the privacy model proposed by Vaudenay in Asiacrypt 2007 and later extended by Ng et al. in ESORICS 2008. Our new privacy results show the separation between weak privacy and narrow-forward privacy in these protocols, which effectively fills themissing relationship of these two privacy levels in Vaudenay's paper and answer the question raised by Paise and Vaudenay in ASIACCS 2008 on why they cannot find a candidate protocol that can achieve both privacy levels at the same time. We also show that forward privacy is impossible with these synchronized protocols.

/pdf/new-privacy-results-on-synchronized-rfid-authentication-4dsjvsct96.pdf

New privacy results on synchronized RFID authentication protocols against tag tracing

When an RFID tag changes hand, it is not as simply as handing over the tag secret to the new owner. Privacy is a concern if there is no secure ownership transfer scheme to aid the transfer. After sales service and temporary tag delegation are also features commonly seen in such applications. In this paper, we proposed a new RFID ownership transfer scheme that achieves the most security protections and properties in comparison to most of the previous schemes. We also introduced four new security properties that have not been considered before. This opens up new research directions for further development of RFID ownership transfer.

Practical RFID ownership transfer scheme

Network security analysis based on attack graphs has been applied extensively in recent years. The ranking of nodes in an attack graph is an important step towards analyzing network security. This paper proposes an alternative attack graph ranking scheme based on a recent approach to machine learning in a structured graph domain, namely, Graph Neural Networks (GNNs). Evidence is presented in this paper that the GNN is suitable for the task of ranking attack graphs by learning a ranking function from examples and generalizes the function to unseen possibly noisy data, thus showing that the GNN provides an effective alternative ranking method for attack graphs.

http://repository.hkbu.edu.hk/cgi/viewcontent.cgi?article=1001&context=vprd_conf

Ranking Attack Graphs with Graph Neural Networks

The protection of privacy has gained considerable attention recently. In response to this, new privacy protection systems are being introduced. SITDRMis one such system that protects private data through the enforcement of licenses provided by consumers. Prior to supplying data, data owners are expected to construct a detailed license for the potential data users. A license specifies whom, under what conditions, may have what type of access to the protected data.

The specification of a license by a data owner binds the enterprise data handling to the consumer's privacy preferences. However, licenses are very detailed, may reveal the internal structure of the enterprise and need to be kept synchronous with the enterprise privacy policy. To deal with this, we employ the Platform for Privacy Preferences Language (P3P) to communicate enterprise privacy policies to consumers and enable them to easily construct data licenses. A P3P policy is more abstract than a license, allows data owners to specify the purposes for which data are being collected and directly reflects the privacy policy of an enterprise.

/pdf/enforcing-p3p-policies-using-a-digital-rights-management-2p5dufjxkl.pdf

Enforcing P3P policies using a digital rights management system

Location-based digital rights management (DRM) refers to a system allowing the owner of an electronic file to specify not only the actions a user is allowed to perform regarding the content, but also restrict the actions to a specified geographical area. A method for retrieving location information is required. One such method is to place wireless access points in areas of interest, requiring a device to be in the vicinity of the correct access point(s) in order to access a file.

/pdf/location-based-drm-using-wifi-access-points-2oga1hw0dp.pdf

Rei Safavi-Naini

Papers

New privacy results on synchronized RFID authentication protocols against tag tracing

Practical RFID ownership transfer scheme

Ranking Attack Graphs with Graph Neural Networks

Enforcing P3P policies using a digital rights management system

Location-based DRM using WiFi access points