240 resultados para Attack


Relevância:

10.00% 10.00%

Publicador:

Resumo:

In this paper we present a cryptanalysis of a new 256-bit hash function, FORK-256, proposed by Hong et al. at FSE 2006. This cryptanalysis is based on some unexpected differentials existing for the step transformation. We show their possible uses in different attack scenarios by giving a 1-bit (resp. 2-bit) near collision attack against the full compression function of FORK-256 running with complexity of 2^125 (resp. 2^120) and with negligible memory, and by exhibiting a 22-bit near pseudo-collision. We also show that we can find collisions for the full compression function with a small amount of memory with complexity not exceeding 2^126.6 hash evaluations. We further show how to reduce this complexity to 2^109.6 hash computations by using 273 memory words. Finally, we show that this attack can be extended with no additional cost to find collisions for the full hash function, i.e. with the predefined IV.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

Social Engineering (ES) is now considered the great security threat to people and organizations. Ever since the existence of human beings, fraudulent and deceptive people have used social engineering tricks and tactics to trick victims into obeying them. There are a number of social engineering techniques that are used in information technology to compromise security defences and attack people or organizations such as phishing, identity theft, spamming, impersonation, and spaying. Recently, researchers have suggested that social networking sites (SNSs) are the most common source and best breeding grounds for exploiting the vulnerabilities of people and launching a variety of social engineering based attacks. However, the literature shows a lack of information about what types of social engineering threats exist on SNSs. This study is part of a project that attempts to predict a persons’ vulnerability to SE based on demographic factors. In this paper, we demonstrate the different types of social engineering based attacks that exist on SNSs, the purposes of these attacks, reasons why people fell (or did not fall) for these attacks, based on users’ opinions. A qualitative questionnaire-based survey was conducted to collect and analyse people’s experiences with social engineering tricks, deceptions, or attacks on SNSs.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

This book constitutes the refereed proceedings of the 11th International Conference on Cryptology and Network Security, CANS 2012, held in Darmstadt, Germany, in December 2012. The 22 revised full papers, presented were carefully reviewed and selected from 99 submissions. The papers are organized in topical sections on cryptanalysis; network security; cryptographic protocols; encryption; and s-box theory.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

A parallel authentication and public-key encryption is introduced and exemplified on joint encryption and signing which compares favorably with sequential Encrypt-then-Sign (ɛtS) or Sign-then-Encrypt (Stɛ) schemes as far as both efficiency and security are concerned. A security model for signcryption, and thus joint encryption and signing, has been recently defined which considers possible attacks and security goals. Such a scheme is considered secure if the encryption part guarantees indistinguishability and the signature part prevents existential forgeries, for outsider but also insider adversaries. We propose two schemes of parallel signcryption, which are efficient alternative to Commit-then-Sign-and- Encrypt (Ct&G3&S). They are both provably secure in the random oracle model. The first one, called generic parallel encrypt and sign, is secure if the encryption scheme is semantically secure against chosen-ciphertext attacks and the signature scheme prevents existential forgeries against random-message attacks. The second scheme, called optimal parallel encrypt. and sign, applies random oracles similar to the OAEP technique in order to achieve security using encryption and signature components with very weak security requirements — encryption is expected to be one-way under chosen-plaintext attacks while signature needs to be secure against universal forgeries under random-plaintext attack, that is actually the case for both the plain-RSA encryption and signature under the usual RSA assumption. Both proposals are generic in the sense that any suitable encryption and signature schemes (i.e. which simply achieve required security) can be used. Furthermore they allow both parallel encryption and signing, as well as parallel decryption and verification. Properties of parallel encrypt and sign schemes are considered and a new security standard for parallel signcryption is proposed.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

A novel platform consisting of a multilayered substrate, activated graphite-like carbon film, and dense forest of long, vertically-aligned multiwall carbon nanotubes grown by the chemical vapor deposition is designed, fabricated, and tested for covalent immobilization of enzymatic biocatalysts with the aim of protecting them from shear forces and microbial attacks present in bioreactors. The covalent bonding ensures enzyme retention in a flow, while the dense nanotube forest may serve as a protection of the enzymes from microbial attack without impeding the flow of reactants and products. This platform was demonstrated for the two reference enzymes, horseradish peroxidase and catalase, which were immobilized without degrading their biological activity. This combination of an activated carbon layer for an efficient immobilization of biocatalysts with a protective layer of inert carbon nanotubes could dramatically improve the efficiency and longevity of enzymatic bio-catalysis employed in a large variety of advanced biotechnological processes.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

Multi-party key agreement protocols indirectly assume that each principal equally contributes to the final form of the key. In this paper we consider three malleability attacks on multi-party key agreement protocols. The first attack, called strong key control allows a dishonest principal (or a group of principals) to fix the key to a pre-set value. The second attack is weak key control in which the key is still random, but the set from which the key is drawn is much smaller than expected. The third attack is named selective key control in which a dishonest principal (or a group of dishonest principals) is able to remove a contribution of honest principals to the group key. The paper discusses the above three attacks on several key agreement protocols, including DH (Diffie-Hellman), BD (Burmester-Desmedt) and JV (Just-Vaudenay). We show that dishonest principals in all three protocols can weakly control the key, and the only protocol which does not allow for strong key control is the DH protocol. The BD and JV protocols permit to modify the group key by any pair of neighboring principals. This modification remains undetected by honest principals.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

The paper investigates the design of secret sharing that is immune against cheating (as defined by the Tompa-Woll attack). We examine secret sharing with binary shares and secrets. Bounds on the probability of successful cheating are given for two cases. The first case relates to secret sharing based on bent functions and results in a non-perfect scheme. The second case considers perfect secret sharing built on highly nonlinear balanced Boolean functions.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

We study the natural problem of secure n-party computation (in the passive, computationally unbounded attack model) of the n-product function f G (x 1,...,x n ) = x 1 ·x 2 ⋯ x n in an arbitrary finite group (G,·), where the input of party P i is x i  ∈ G for i = 1,...,n. For flexibility, we are interested in protocols for f G which require only black-box access to the group G (i.e. the only computations performed by players in the protocol are a group operation, a group inverse, or sampling a uniformly random group element). Our results are as follows. First, on the negative side, we show that if (G,·) is non-abelian and n ≥ 4, then no ⌈n/2⌉-private protocol for computing f G exists. Second, on the positive side, we initiate an approach for construction of black-box protocols for f G based on k-of-k threshold secret sharing schemes, which are efficiently implementable over any black-box group G. We reduce the problem of constructing such protocols to a combinatorial colouring problem in planar graphs. We then give two constructions for such graph colourings. Our first colouring construction gives a protocol with optimal collusion resistance t < n/2, but has exponential communication complexity O(n*2t+1^2/t) group elements (this construction easily extends to general adversary structures). Our second probabilistic colouring construction gives a protocol with (close to optimal) collusion resistance t < n/μ for a graph-related constant μ ≤ 2.948, and has efficient communication complexity O(n*t^2) group elements. Furthermore, we believe that our results can be improved by further study of the associated combinatorial problems.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

In 2006, Gaurav Gupta and Josef Pieprzyk presented an attack on the branch-based software watermarking scheme proposed by Ginger Myles and Hongxia Jin in 2005. The software watermarking model is based on replacing jump instructions or unconditional branch statements (UBS) by calls to a fingerprint branch function (FBF) that computes the correct target address of the UBS as a function of the generated fingerprint and integrity check. If the program is tampered with, the fingerprint and/or integrity checks change and the target address is not computed correctly. Gupta and Pieprzyk's attack uses debugger capabilities such as register and address lookup and breakpoints to minimize the requirement to manually inspect the software. Using these resources, the FBF and calls to the same is identified, correct displacement values are generated and calls to FBF are replaced by the original UBS transferring control of the attack to the correct target instruction. In this paper, we propose a watermarking model that provides security against such debugging attacks. Two primary measures taken are shifting the stack pointer modification operation from the FBF to the individual UBSs, and coding the stack pointer modification in the same language as that of the rest of the code rather than assembly language to avoid conspicuous contents. The manual component complexity increases from O(1) in the previous scheme to O(n) in our proposed scheme.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

The graft-versus-myeloma (GVM) effect represents a powerful form of immune attack exerted by alloreactive T cells against multiple myeloma cells, which leads to clinical responses in multiple myeloma transplant recipients. Whether myeloma cells are themselves able to induce alloreactive T cells capable of the GVM effect is not defined. Using adoptive transfer of T naive cells into myeloma-bearing mice (established by transplantation of human RPMI8226-TGL myeloma cells into CD122(+) cell-depleted NOD/SCID hosts), we found that myeloma cells induced alloreactive T cells that suppressed myeloma growth and prolonged survival of T cell recipients. Myeloma-induced alloreactive T cells arising in the myeloma-infiltrated bones exerted cytotoxic activity against resident myeloma cells, but limited activity against control myeloma cells obtained from myeloma-bearing mice that did not receive T naive cells. These myeloma-induced alloreactive T cells were derived through multiple CD8(+) T cell divisions and enriched in double-positive (DP) T cells coexpressing the CD8alphaalpha and CD4 coreceptors. MHC class I expression on myeloma cells and contact with T cells were required for CD8(+) T cell divisions and DP-T cell development. DP-T cells present in myeloma-infiltrated bones contained a higher proportion of cells expressing cytotoxic mediators IFN-gamma and/or perforin compared with single-positive CD8(+) T cells, acquired the capacity to degranulate as measured by CD107 expression, and contributed to an elevated perforin level seen in the myeloma-infiltrated bones. These observations suggest that myeloma-induced alloreactive T cells arising in myeloma-infiltrated bones are enriched with DP-T cells equipped with cytotoxic effector functions that are likely to be involved in the GVM effect.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

Dealing with digital medical images is raising many new security problems with legal and ethical complexities for local archiving and distant medical services. These include image retention and fraud, distrust and invasion of privacy. This project was a significant step forward in developing a complete framework for systematically designing, analyzing, and applying digital watermarking, with a particular focus on medical image security. A formal generic watermarking model, three new attack models, and an efficient watermarking technique for medical images were developed. These outcomes contribute to standardizing future research in formal modeling and complete security and computational analysis of watermarking schemes.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

Computer modelling has been used extensively in some processes in the sugar industry to achieve significant gains. This paper reviews the investigations carried out over approximately the last twenty five years,including the successes but also areas where problems and delays have been encountered. In that time the capability of both hardware and software have increased dramatically. For some processes such as cane cleaning, cane billet preparation, and sugar drying, the application of computer modelling towards improved equipment design and operation has been quite limited. A particular problem has been the large number of particles and particle interactions in these applications, which, if modelled individually, is computationally very intensive. Despite the problems, some attempts have already been made and knowledge gained on tackling these issues. Even if the detailed modelling is wanting, a model can provide some useful insights into the processes. Some options to attack these more intensive problems include the use of commercial software packages, which are usually very robust and allow the addition of user-supplied subroutines to adapt the software to particular problems. Suppliers of such software usually charge a fee per CPU licence, which is often problematic for large problems that require the use of many CPUs. Another option to consider is using open source software that has been developed with the capability to access large parallel resources. Such software has the added advantage of access to the full internal coding. This paper identifies and discusses the detail of software options with the potential capability to achieve improvements in the sugar industry.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

The digital era is proving to be one of disruption, where new technologies matched with innovative business models can be harnessed to attack even the most established of companies. For businesses with the relative certainty of captive customer bases, such as airports, the ability to digitally diversify offers the opportunity to venture into new modes of operation. For an airport, this opportunity can also be leveraged to sustain superior customer support regardless of a customer’s location in the world. This research paper presents a case study of the development of an Australian Airport Corporation’s mobile application as part of a greater digital strategy initiative using a design-led approach to innovate. An action research method provides the platform for an intensive embedded practice and study of design-led innovation within the major Australian Airport Corporation. The findings reveal design-led innovation to be a crucial in-house idea generation and concept development capability enabling the bridging of distinct corporate domains associated with commercialisation, operations and customer experience. A Digital Innovation Checklist is presented as an output of this research which structures an organizational approach toward digital channel innovation. The practitioner’s checklist is designed to aid in the future development of digital channels within the broader spectrum of strategy by addressing business assumptions.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

Ubiquitination involves the attachment of ubiquitin to lysine residues on substrate proteins or itself, which can result in protein monoubiquitination or polyubiquitination. Ubiquitin attachment to different lysine residues can generate diverse substrate-ubiquitin structures, targeting proteins to different fates. The mechanisms of lysine selection are not well understood. Ubiquitination by the largest group of E3 ligases, the RING-family E3 s, is catalyzed through co-operation between the non-catalytic ubiquitin-ligase (E3) and the ubiquitin-conjugating enzyme (E2), where the RING E3 binds the substrate and the E2 catalyzes ubiquitin transfer. Previous studies suggest that ubiquitination sites are selected by E3-mediated positioning of the lysine toward the E2 active site. Ultimately, at a catalytic level, ubiquitination of lysine residues within the substrate or ubiquitin occurs by nucleophilic attack of the lysine residue on the thioester bond linking the E2 catalytic cysteine to ubiquitin. One of the best studied RING E3/ E2 complexes is the Skp1/Cul1/F box protein complex, SCFCdc4, and its cognate E2, Cdc34, which target the CDK inhibitor Sic1 for K48-linked polyubiquitination, leading to its proteasomal degradation. Our recent studies of this model system demonstrated that residues surrounding Sic1 lysines or lysine 48 in ubiquitin are critical for ubiquitination. This sequence-dependence is linked to evolutionarily conserved key residues in the catalytic region of Cdc34 and can determine if Sic1 is mono- or poly-ubiquitinated. Our studies indicate that amino acid determinants in the Cdc34 catalytic region and their compatibility to those surrounding acceptor lysine residues play important roles in lysine selection. This may represent a general mechanism in directing the mode of ubiquitination in E2 s.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

Existing evidence for successful silvicultural control of Hypsipyla spp. is conflicting and to a large extent anecdotal. Levels of attack have been correlated with factors such as shade, planting density, species mixtures, site characteristics, etc. These factors have often been poorly defined and are usually interdependent. The actual mechanisms that determine whether or not Hypsipyla spp. adversely affects plants we define as host-finding, host suitability, host recovery and natural enemies. These mechanisms can be influenced by the silvicultural techniques applied to a stand. Success of silvicultural techniques can usually be attributed to more than one mechanism and it is difficult to assess which is most the important for minimising the impact of Hypsipyla as these analytical data are lacking. This highlights the need for further research on silvicultural methods for controlling Hypsipyla spp. However, several silvicultural techniques that are briefly described show promise for improving the performance of future plantations. Examples of silvicultural control are reviewed with reference to these mechanisms.