Abstract. Traffic Flow Confidentiality (TFC) mechanisms are techniques devised to hide/masquerade the traffic pattern to prevent statistical traffic analysis attacks. Their inclusion in widespread security protocols, in conjunction with the ability for deployers to flexibly control their operation, might boost their adoption and improve privacy of future networks. This paper describes a TFC protocol integrated, as a security protocol, in the IPsec security architecture. A Linux-based implementation has been developed, supporting a variety of per-packet treatments (padding, fragmentation, dummy packet generation, and artificial alteration of the packet forwarding delay), in an easily combinable manner. Experimental results are reported to demonstrate the flexibility and the effectiveness of the TFC implementation.
This work aims to describe and analyze the new socio-economic phenomenon of waste-based circularity. To describe this process of recovery and transformation of waste, which represents the basis of circular economy, it is necessary to understand the complex articulation of the production of goods and materials, their yield and their capacity of transformation. At the heart of all this is a series of human behaviors and habits dictated by legal rules and economic and cultural approaches. If we manage to better understand these behaviors, we can activate a series of processes which could help us to determine and encourage more sustainable behaviors from an environmental, economic and social point of view.
Received: 11 March 2021 / Accepted: 18 April 2021 / Published: 17 May 2021
This paper deals with privacy-preserving (pseudonymized) access to a service resource. In such a scenario, two opposite needs seem to emerge. On one side, the service provider may want to control, in the first place, the user accessing its resources, i.e., without being forced to delegate the management of access permissions to third parties to meet privacy requirements. On the other side, it should be technically possible to trace back the real identity of a user upon dishonest behavior, and of course this must necessarily be accomplished by an external authority distinct from the provider itself. The framework described in this paper aims at coping with these two opposite needs. This is accomplished through i) a distributed third-party-based infrastructure devised to assign and manage pseudonym certificates, decoupled from ii) a two-party procedure, devised to bind an authorization permission to a pseudonym certificate with no third-party involvement. The latter procedure is based on a novel blind signature approach which allows the provider to blindly verify, at registration time, that the user possesses the private key of the still undisclosed pseudonym certificate, thus avoiding transferability of the authorization permission.
The 3GPP architecture includes the Multimedia Broadcast Multicast Service (MBMS) to provide efficient broadcast and multicast services. In the 3GPP long-term evolution, the evolved MBMS (e-MBMS) architecture is currently being standardized. Unlike MBMS, the new e-MBMS architecture explicitly raises, as an additional security requirement, the protection of the IP multicast user plane. Currently proposed e-MBMS security architectures "limit" themselves to suggesting the deployment of Group Security Associations (GSA). In this paper, we start by discussing that, on one side, GSA might not be a sufficiently secure solution in the long run, and on the other side GSA integration within the e-MBMS architecture might not be as straightforward as it might appear. The point made in this paper is that there are sound alternatives to GSA if the goal is to deploy a short-term solution with basically no impact on the current e-MBMS architecture. In particular, we propose to adopt a Secure Multicast Overlay (SMO) approach. To prove the straightforward implementation of SMO we describe a proof-of-concept test-bed over public domain Linux routers. Moreover, a functional comparison between GSA and SMO leads us to the following conclusions: (i) not only does SMO provide the same level of security as GSA, but it also achieves a reduced risk of denial of service attacks; (ii) SMO has significant advantages over GSA in terms of impact on the architecture and on device requirements; (iii) security association management and key management in GSA have a greater impact on the achievable performance than in the case of SMO. We believe that these advantages outweigh the performance penalties due to overlay networking overhead.
provides much more flexibility than other distribution systems like DVB-H [2] because it includes a return channel and it is able to send information to an arbitrary group of receivers (multicast) in addition to distributing the same channels to all users (broadcast).
USER PLANE SECURITY ALTERNATIVES IN THE e-MBMS
• The Group Controller and Key Server (GCKS) is the entity that issues and manages the cryptographic keys used by a multicast group;
Fig. 2. Multicast security reference framework.