Showing 1–14 of 14 results for author: Kuntze, N

Final Architecture Specification of security, privacy, and incentive mechanisms

Authors: Nicolai Kuntze, Juergen Repp, Hervais Simo Fhom, Andreas Fuchs, Ine-Saf Benaissa

Abstract: In this document, we define the NADA security architecture based on refined use case scenarios, a derived high level model and security analysis. For the architecure design and verification we are applying the well known STRIDE model. In this document, we define the NADA security architecture based on refined use case scenarios, a derived high level model and security analysis. For the architecure design and verification we are applying the well known STRIDE model. △ Less

Submitted 17 November, 2009; originally announced November 2009.

Comments: Delieverable of the EU FP7 project Nanodatacenters

SPAM over Internet Telephony and how to deal with it

Authors: Andreas U. Schmidt, Nicolai Kuntze, Rachid El Khayari

Abstract: In our modern society telephony has developed to an omnipresent service. People are available at anytime and anywhere. Furthermore the Internet has emerged to an important communication medium. These facts and the raising availability of broadband internet access has led to the fusion of these two services. Voice over IP or short VoIP is the keyword, that describes this combination. The advantag… ▽ More In our modern society telephony has developed to an omnipresent service. People are available at anytime and anywhere. Furthermore the Internet has emerged to an important communication medium. These facts and the raising availability of broadband internet access has led to the fusion of these two services. Voice over IP or short VoIP is the keyword, that describes this combination. The advantages of VoIP in comparison to classic telephony are location independence, simplification of transport networks, ability to establish multimedia communications and the low costs. Nevertheless one can easily see, that combining two technologies, always brings up new challenges and problems that have to be solved. It is undeniable that one of the most annoying facet of the Internet nowadays is email spam. According to different sources email spam is considered to be 80 to 90 percent of the email traffic produced. The threat of so called voice spam or Spam over Internet Telephony (SPIT) is even more fatal, for the annoyance and disturbance factor is much higher. As instance an email that hits the inbox at 4 p.m. is useless but will not disturb the user much. In contrast a ringing phone at 4 p.m. will lead to a much higher disturbance. From the providers point of view both email spam and voice spam produce unwanted traffic and loss of trust of customers into the service. In order to mitigate this threat different approaches from different parties have been developed. This paper focuses on state of the art anti voice spam solutions, analyses them and reveals their weak points. In the end a SPIT producing benchmark tool will be introduced, that attacks the presented anti voice spam solutions. With this tool it is possible for an administrator of a VoIP network to test how vulnerable his system is. △ Less

Submitted 10 June, 2008; originally announced June 2008.

Comments: 7th annual Conference Information Security South Africa (ISSA 2008) University of Johannesburg, South Africa, 7 -9 July 2008

Trust for Location-based Authorisation

Authors: Andreas U. Schmidt, Nicolai Kuntze, Joerg Abendroth

Abstract: We propose a concept for authorisation using the location of a mobile device and the enforcement of location-based policies. Mobile devices enhanced by Trusted Computing capabilities operate an autonomous and secure location trigger and policy enforcement entity. Location determination is two-tiered, integrating cell-based triggering at handover with precision location measurement by the device. We propose a concept for authorisation using the location of a mobile device and the enforcement of location-based policies. Mobile devices enhanced by Trusted Computing capabilities operate an autonomous and secure location trigger and policy enforcement entity. Location determination is two-tiered, integrating cell-based triggering at handover with precision location measurement by the device. △ Less

Submitted 13 December, 2007; originally announced December 2007.

Comments: To appear in: Proceedings of the Wireless Communications and Networking Conference, IEEE WCNC 2008, Las Vegas, USA, 31 March - 2 April 2008

On the deployment of Mobile Trusted Modules

Authors: Andreas U. Schmidt, Nicolai Kuntze, Michael Kasper

Abstract: In its recently published TCG Mobile Reference Architecture, the TCG Mobile Phone Work Group specifies a new concept to enable trust into future mobile devices. For this purpose, the TCG devises a trusted mobile platform as a set of trusted engines on behalf of different stakeholders supported by a physical trust-anchor. In this paper, we present our perception on this emerging specification. We… ▽ More In its recently published TCG Mobile Reference Architecture, the TCG Mobile Phone Work Group specifies a new concept to enable trust into future mobile devices. For this purpose, the TCG devises a trusted mobile platform as a set of trusted engines on behalf of different stakeholders supported by a physical trust-anchor. In this paper, we present our perception on this emerging specification. We propose an approach for the practical design and implementation of this concept and how to deploy it to a trustworthy operating platform. In particular we propose a method for the take-ownership of a device by the user and the migration (i.e., portability) of user credentials between devices. △ Less

Submitted 13 December, 2007; originally announced December 2007.

Comments: To appear in: Proceedings of the Wireless Communications and Networking Conference, IEEE WCNC 2008, Las Vegas, USA, 31 March - 2 April 2008

Protection of DVB Systems by Trusted Computing

Authors: Nicolai Kuntze, Andreas U. Schmidt

Abstract: We describe a concept to employ Trusted Computing technology to secure Conditional Access Systems (CAS) for DVB. Central is the embedding of a trusted platform module (TPM) into the set-top-box or residential home gateway. Various deployment scenarios exhibit possibilities of charging co-operation with mobile network operators (MNO), or other payment providers. We describe a concept to employ Trusted Computing technology to secure Conditional Access Systems (CAS) for DVB. Central is the embedding of a trusted platform module (TPM) into the set-top-box or residential home gateway. Various deployment scenarios exhibit possibilities of charging co-operation with mobile network operators (MNO), or other payment providers. △ Less

Submitted 14 February, 2007; originally announced February 2007.

Comments: Accepted contribution to the IEEE International Symposium on Broadband Multimedia Systems and Broadcasting 2007, 28-29 March 2007 at the Orange County Convention Center, Orlando, FL, USA; 7 pages, 4 figures

Non-Repudiation in Internet Telephony

Authors: Nicolai Kuntze, Andreas U. Schmidt, Christian Hett

Abstract: We present a concept to achieve non-repudiation for natural language conversations over the Internet. The method rests on chained electronic signatures applied to pieces of packet-based, digital, voice communication. It establishes the integrity and authenticity of the bidirectional data stream and its temporal sequence and thus the security context of a conversation. The concept is close to the… ▽ More We present a concept to achieve non-repudiation for natural language conversations over the Internet. The method rests on chained electronic signatures applied to pieces of packet-based, digital, voice communication. It establishes the integrity and authenticity of the bidirectional data stream and its temporal sequence and thus the security context of a conversation. The concept is close to the protocols for Voice over the Internet (VoIP), provides a high level of inherent security, and extends naturally to multilateral non-repudiation, e.g., for conferences. Signatures over conversations can become true declarations of will in analogy to electronically signed, digital documents. This enables binding verbal contracts, in principle between unacquainted speakers, and in particular without witnesses. A reference implementation of a secure VoIP archive is exhibited. △ Less

Submitted 23 January, 2007; originally announced January 2007.

Comments: Accepted full research paper at IFIP sec2007, Sandton, South Africa, 14-16 May 2007

Trusted Ticket Systems and Applications

Authors: Nicolai Kuntze, Andreas U. Schmidt

Abstract: Trusted Computing is a security base technology that will perhaps be ubiquitous in a few years in personal computers and mobile devices alike. Despite its neutrality with respect to applications, it has raised some privacy concerns. We show that trusted computing can be applied for service access control in a manner protecting users' privacy. We construct a ticket system -- a concept which is at… ▽ More Trusted Computing is a security base technology that will perhaps be ubiquitous in a few years in personal computers and mobile devices alike. Despite its neutrality with respect to applications, it has raised some privacy concerns. We show that trusted computing can be applied for service access control in a manner protecting users' privacy. We construct a ticket system -- a concept which is at the heart of Identity Management -- relying solely on the capabilities of the trusted platform module and the standards specified by the Trusted Computing Group. Two examples show how it can be used for pseudonymous and protected service access. △ Less

Submitted 23 January, 2007; originally announced January 2007.

Comments: Accepted full research paper at IFIP sec2007, Sandton, South Africa, 14-16 May 2007

Trustworthy content push

Authors: Nicolai Kuntze, Andreas U. Schmidt

Abstract: Delivery of content to mobile devices gains increasing importance in industrial environments to support employees in the field. An important application are e-mail push services like the fashionable Blackberry. These systems are facing security challenges regarding data transport to, and storage of the data on the end user equipment. The emerging Trusted Computing technology offers new answers t… ▽ More Delivery of content to mobile devices gains increasing importance in industrial environments to support employees in the field. An important application are e-mail push services like the fashionable Blackberry. These systems are facing security challenges regarding data transport to, and storage of the data on the end user equipment. The emerging Trusted Computing technology offers new answers to these open questions. △ Less

Submitted 17 October, 2007; v1 submitted 11 December, 2006; originally announced December 2006.

Comments: 4 pages, 4 eps figures

Journal ref: Wireless Communications and Networking Conference, 2007.WCNC 2007. IEEE, March 2007 Page(s):2909 - 2912

Employing Trusted Computing for the forward pricing of pseudonyms in reputation systems

Authors: Nicolai Kuntze, Dominique Maehler, Andreas U. Schmidt

Abstract: Reputation and recommendation systems are fundamental for the formation of community market places. Yet, they are easy targets for attacks which disturb a market's equilibrium and are often based on cheap pseudonyms used to submit ratings. We present a method to price ratings using trusted computing, based on pseudonymous tickets. Reputation and recommendation systems are fundamental for the formation of community market places. Yet, they are easy targets for attacks which disturb a market's equilibrium and are often based on cheap pseudonyms used to submit ratings. We present a method to price ratings using trusted computing, based on pseudonymous tickets. △ Less

Submitted 29 August, 2006; v1 submitted 31 July, 2006; originally announced July 2006.

Comments: Refereed contribution to the 4th International Workshop for Technical, Economic and Legal Aspects of Business Models for Virtual Goods, December 13 -15, 2006 on AXMEDIS 2006 in Leeds, England. 5 pages, 3 figures, final version

Security and Non-Repudiation for Voice-Over-IP Conversations

Authors: Christian Hett, Nicolai Kuntze, Andreas U. Schmidt

Abstract: We present a concept to achieve non-repudiation for natural language conversations by electronically signing packet-based, digital, voice communication. Signing a VoIP-based conversation means to protect the integrity and authenticity of the bidirectional data stream and its temporal sequence which together establish the security context of the communication. Our concept is conceptually close to… ▽ More We present a concept to achieve non-repudiation for natural language conversations by electronically signing packet-based, digital, voice communication. Signing a VoIP-based conversation means to protect the integrity and authenticity of the bidirectional data stream and its temporal sequence which together establish the security context of the communication. Our concept is conceptually close to the protocols that embody VoIP and provides a high level of inherent security. It enables signatures over voice as true declarations of will, in principle between unacquainted speakers. We point to trusted computing enabled devices as possible trusted signature terminals for voice communication. △ Less

Submitted 14 June, 2006; originally announced June 2006.

Comments: Poster presentation at the ISSA 2006 From Insight to Foresight Conference, Sandton, South Africa, 5th-7th July 2006

ACM Class: C.2.0

Trusted Computing in Mobile Action

Authors: Nicolai Kuntze, Andreas U. Schmidt

Abstract: Due to the convergence of various mobile access technologies like UMTS, WLAN, and WiMax the need for a new supporting infrastructure arises. This infrastructure should be able to support more efficient ways to authenticate users and devices, potentially enabling novel services based on the security provided by the infrastructure. In this paper we exhibit some usage scenarios from the mobile doma… ▽ More Due to the convergence of various mobile access technologies like UMTS, WLAN, and WiMax the need for a new supporting infrastructure arises. This infrastructure should be able to support more efficient ways to authenticate users and devices, potentially enabling novel services based on the security provided by the infrastructure. In this paper we exhibit some usage scenarios from the mobile domain integrating trusted computing, which show that trusted computing offers new paradigms for implementing trust and by this enables new technical applications and business scenarios. The scenarios show how the traditional boundaries between technical and authentication domains become permeable while a high security level is maintained. △ Less

Submitted 10 June, 2006; originally announced June 2006.

Comments: In: Peer-reviewed Proceedings of the Information Security South Africa (ISSA) 2006 From Insight to Foresight Conference, 5 to 7 July 2006, Sandton, South Africa

ACM Class: C.2.0

A secure archive for Voice-over-IP conversations

Authors: Christian Hett, Nicolai Kuntze, Andreas U. Schmidt

Abstract: An efficient archive securing the integrity of VoIP-based two-party conversations is presented. The solution is based on chains of hashes and continuously chained electronic signatures. Security is concentrated in a single, efficient component, allowing for a detailed analysis. An efficient archive securing the integrity of VoIP-based two-party conversations is presented. The solution is based on chains of hashes and continuously chained electronic signatures. Security is concentrated in a single, efficient component, allowing for a detailed analysis. △ Less

Submitted 7 June, 2006; originally announced June 2006.

Comments: 9 pages, 2 figures. (C) ACM, (2006). This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in Proceedings of VSW06, June, 2006, Berlin, Germany

ACM Class: C.2.0

Transitive trust in mobile scenarios

Authors: Nicolai Kuntze, Andreas U. Schmidt

Abstract: Horizontal integration of access technologies to networks and services should be accompanied by some kind of convergence of authentication technologies. The missing link for the federation of user identities across the technological boundaries separating authentication methods can be provided by trusted computing platforms. The concept of establishing transitive trust by trusted computing enable… ▽ More Horizontal integration of access technologies to networks and services should be accompanied by some kind of convergence of authentication technologies. The missing link for the federation of user identities across the technological boundaries separating authentication methods can be provided by trusted computing platforms. The concept of establishing transitive trust by trusted computing enables the desired crossdomain authentication functionality. The focus of target application scenarios lies in the realm of mobile networks and devices. △ Less

Submitted 13 March, 2006; originally announced March 2006.

Comments: Pre-refereed version. To appear in Proceedings of the International Conference on Emerging Trends in Information and Communication Security (ETRICS 2006), Freiburg im Breisgau, Germany 6th-9th June 2006. Lecture Notes in Computer Science, Springer-Verlag

Security for Distributed Web-Applications via Aspect-Oriented Programming

Authors: Nicolai Kuntze, Thomas Rauch, Andreas U. Schmidt

Abstract: Identity Management is becoming more and more important in business systems as they are opened for third parties including trading partners, consumers and suppliers. This paper presents an approach securing a system without any knowledge of the system source code. The security module adds to the existing system authentication and authorisation based on aspect oriented programming and the liberty… ▽ More Identity Management is becoming more and more important in business systems as they are opened for third parties including trading partners, consumers and suppliers. This paper presents an approach securing a system without any knowledge of the system source code. The security module adds to the existing system authentication and authorisation based on aspect oriented programming and the liberty alliance framework, an upcoming industrie standard providing single sign on. In an initial training phase the module is adapted to the application which is to be secured. Moreover the use of hardware tokens and proactive computing is demonstrated. The high modularisation is achived through use of AspectJ, a programming language extension of Java. △ Less

Submitted 29 July, 2005; originally announced July 2005.

Comments: Refereed contribution to the Conference Information Security South Africa (ISSA 2005) Sandton, South Africa, 29. June - 1. July 2005

ACM Class: K.6.5; D.1.5; D.2