Table (numeric values not recovered): Protocols for the scalar product with 2048-bit Paillier (one core, i5-4690 3.50GHz). Columns: Random Ring (max corruption), P-MPWP, Random Ring.

$E(a)^c \cdot E(b)^d = E(ac + bd)$

$E(a)^d \cdot E(b)^c = E(ad + bc)$

E. (b)-d-=-e,

The first three equalities show that, from an encrypted pair (a, b) and a plaintext pair (c, d), we obtain an encrypted result. For the last equality, it suffices to use the appropriate public key to encrypt only the coefficient c

We have thus shown that it is possible to compute the trust aggregation privately, i.e. by applying an encryption function to the pairs modelling trust.
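As an added illustration (not code from the thesis), a minimal Paillier implementation showing the two identities above on ciphertexts only: $E(a)^c E(b)^d$ decrypts to $ac + bd$ and $E(a)^d E(b)^c$ to $ad + bc$. The key size, the Miller-Rabin prime generator and all function names are this example's own choices.

```python
import math
import secrets

def is_probable_prime(n: int, rounds: int = 32) -> bool:
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits: int) -> int:
    while True:  # force the top bit (size) and the low bit (oddness)
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def keygen(bits: int = 512):
    """Paillier key pair: pk = (n, g) with g = n + 1, sk = (lambda, mu, n)."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        n = p * q
        if p != q and math.gcd(n, (p - 1) * (q - 1)) == 1:
            break
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p - 1, q - 1)
    return (n, n + 1), (lam, pow(lam, -1, n), n)  # mu = lambda^-1 mod n

def encrypt(pk, m: int) -> int:
    """E(m) = g^m * r^n mod n^2 with a fresh random r in Z_n^*."""
    n, g = pk
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (pow(g, m, n * n) * pow(r, n, n * n)) % (n * n)

def decrypt(sk, c: int) -> int:
    """D(c) = L(c^lambda mod n^2) * mu mod n, where L(x) = (x - 1) / n."""
    lam, mu, n = sk
    return (((pow(c, lam, n * n) - 1) // n) * mu) % n

def pair_products(pk, enc_a: int, enc_b: int, c: int, d: int):
    """From E(a), E(b) and plaintext c, d return (E(ac + bd), E(ad + bc)): a ciphertext
    raised to a plaintext scales the plaintext, a product of ciphertexts adds them."""
    n2 = pk[0] ** 2
    crossed = (pow(enc_a, c, n2) * pow(enc_b, d, n2)) % n2
    swapped = (pow(enc_a, d, n2) * pow(enc_b, c, n2)) % n2
    return crossed, swapped

if __name__ == "__main__":
    pk, sk = keygen(512)
    ea, eb = encrypt(pk, 7), encrypt(pk, 11)  # encrypted pair (a, b) = (7, 11)
    print([decrypt(sk, x) for x in pair_products(pk, ea, eb, 3, 5)])  # [76, 68]
```

The results are exact as long as the plaintext sums stay below n; with p-bit coefficients they stay below $2^{2p+1}$, which a 512-bit modulus holds comfortably.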

A. Trust. Using the previous results (7.1), we show that it is possible to use the protocols computing a scalar product (presented in Sections 4 and 5) in a distributed and secure way to compute the

Corollary 37. The DSDP protocol described by Algorithm (20) is applicable to trust values, provided that the random values r_i are invertible for the operator. Proof. u_i, v_i, r_i, c_i, ?_i, ?_i, ?_i, ? are now written as pairs. For example, the secret inputs u_i now represent trust values.

The encryption and decryption functions (E(v_i), D(?_i), E(?_i), E(?), etc.) are applied to pairs.

The value ?_i is E((u_i v_i) r_i) = Add

and can still be computed by P_1, since c_i = E(v_i), and u_i and r_i are known to P_1.



Finally, since the operator is commutative, S can be computed by adding the inverses of the r_i for

The trust d-aggregation is a scalar product slightly modified so as not to include the value u_1 v_1. Consequently, it suffices to replace line (3) of Algorithm (31), s ? a_{i,j} b_{i,j}, with the

We must now encode the trust values, which are proportions in

$(2^p - 1)(2^p - 1) + (2^p - 1)(2^p - 1) = 2^{2p+1} - 2^{p+2} + 2 < 2^{2p+1} - 1$, with p a positive integer. By induction, aggregating k of these coefficients with

C. V. Protocols, TRUST AGGREGATION

consists in using a timestamping server acting as a trusted third party: the adversaries would then no longer be able to predict their placement in advance.
