[PDF] Top 20 On the Universally Composable Security of OpenStack

... We then construct a new, stronger one-time token mechanism that is a more stringent variant of the mechanism proposed in [25], and we prove that this mechanism suffices for realizing an ideal cloud that provides some ... See full document

... The protection from attacks from outside the network is a well understood problem and has become the business model of many companies. Firewalls are considered a secure black box which protects the network from attacks. ... See full document

... a proposal for OT based on the RLWE assumption and achieving security in the UC-framework was presented. However, the scheme does not provide security for the receiver. More precisely, the signal function ... See full document

... strong security guarantees (like UC) by allowing parties to use hardware boxes that have certain security ...of security required from such a hardware box is that of tamper-proofness ; ...UC ... See full document

... The works of [MTC13, KMO + 14], which are set in the Abstract Cryptography setting of [MR11], have a similar modeling shortcoming: the public key infrastructure is modeled as local to the protocol instance. Furthermore, ... See full document

... the security requirements a reputation system has to fulfill include - but are not limited to - anonymity for raters, unforgeability and public linkability of ratings, and the ability to determine the raters’ ... See full document

... Remark 2 (Unobservability as a golden standard for email privacy). In our UC formalization of e-mail ecosystems, we consider a dynamic scenario where the clients register, go online/offline and make custom fetch ... See full document

... Other results and sub-protocols. As an additional result, we improve the result of [37] by removing the need of collision-resistant hash functions, and apply our transformation to obtain an obfuscation protocol in the ... See full document

... [19]. Security is proven in a static corruption model without relying on random oracles under the Hidden Strong Diffie-Hellman, Triple Diffie-Hellman, Decisional linear and Square Decisional Bilinear ... See full document

... 5. Martin Burkhart, Mario Strasser, Dilip Many, and Xenofontas Dimitropoulos. SEPIA: Privacy-preserving aggregation of multi-domain network events and statis- tics. In USENIX Security Symposium, pages 223–239, ... See full document

... In addition to these two models of computation, the UC framework also considers the G-hybrid world, where the computation proceeds as in the real-world with the ad- ditional assumption that the parties have access to an ... See full document

... The universal composability (UC) framework [7] provides a way of analyzing protocols while en- suring strong security guarantees. In particular, protocols proven secure in this framework remain secure when run ... See full document

... prove security of our NIKE’ scheme from Definition ...weaker security notion for NIKE, which we call weakCKS ++ ...mentioned security notions for NIKE, an adversary against a NIKE scheme has to ... See full document

... notion (static corruptions) in Theorem 4.3. However, as our main contribution, we mend the aforementioned problem by adding a random oracle G to the protocol description and thereby attaining greater flexibility in our ... See full document

... The UC framework defines the security goal of a protocol by an ideal functionality, which acts as a trusted third party. A good property of UC is the composability: a protocol π communicating with an ideal ... See full document

... Our second observation is that in the context of one-sided adaptive security, it is sufficient to rely on a weaker variant of NCE, namely, one that is secure against only a single adaptive corruption [KO04, HP14]. ... See full document

... hardware security modules (HSM) or key-management servers to separate highly sensitive cryptographic operations from more vulnerable parts of the ...the security of APIs on the logical level adapting ... See full document

... formulating security in various areas of cryptography. However security definitions based on simulation are generally harder to work with than game based definitions, often resulting in more complicated ... See full document

... A more significant difference arises in the context of corruption. In the full UC model, an ideal functionality is modeled as a subroutine of the main protocol instance. Therefore, parties “send” messages/inputs to an ... See full document

... first universally composable (UC) treatment of cryptographic ...basic security properties of accumulators: correctness and ...the security proofs of existing systems that leverage such ... See full document