251 results for Entity Authentication
Abstract:
Multiple-time signatures are digital signature schemes where the signer is able to sign a predetermined number of messages. They are interesting cryptographic primitives because they allow to solve many important cryptographic problems, and at the same time offer substantial efficiency advantage over ordinary digital signature schemes like RSA. Multiple-time signature schemes have found numerous applications, in ordinary, on-line/off-line, forward-secure signatures, and multicast/stream authentication. We propose a multiple-time signature scheme with very efficient signing and verifying. Our construction is based on a combination of one-way functions and cover-free families, and it is secure against the adaptive chosen-message attack.
Abstract:
Recently, a convex hull-based human identification protocol was proposed by Sobrado and Birget, whose steps can be performed by humans without additional aid. The main part of the protocol involves the user mentally forming a convex hull of secret icons in a set of graphical icons and then clicking randomly within this convex hull. While some rudimentary security issues of this protocol have been discussed, a comprehensive security analysis has been lacking. In this paper, we analyze the security of this convex hull-based protocol. In particular, we show two probabilistic attacks that reveal the user’s secret after the observation of only a handful of authentication sessions. These attacks can be efficiently implemented as their time and space complexities are considerably less than brute force attack. We show that while the first attack can be mitigated through appropriately chosen values of system parameters, the second attack succeeds with a non-negligible probability even with large system parameter values that cross the threshold of usability.
Abstract:
An increasing number of countries are faced with an aging population increasingly needing healthcare services. For any e-health information system, the need for increased trust by such clients with potentially little knowledge of any security scheme involved is paramount. In addition notable scalability of any system has become a critical aspect of system design, development and ongoing management. Meanwhile cryptographic systems provide the security provisions needed for confidentiality, authentication, integrity and non-repudiation. Cryptographic key management, however, must be secure, yet efficient and effective in developing an attitude of trust in system users. Digital certificate-based Public Key Infrastructure has long been the technology of choice or availability for information security/assurance; however, there appears to be a notable lack of successful implementations and deployments globally. Moreover, recent issues with associated Certificate Authority security have damaged trust in these schemes. This paper proposes the adoption of a centralised public key registry structure, a non-certificate based scheme, for large scale e-health information systems. The proposed structure removes complex certificate management, revocation and a complex certificate validation structure while maintaining overall system security. Moreover, the registry concept may be easier for both healthcare professionals and patients to understand and trust.
Abstract:
Pyrido[1,2-a]benzimidazoles [1, 2a] are interesting compounds both from the viewpoint of medicinal chemistry [2–7] (solubility [7], DNA intercalation [3]) and materials chemistry [8] (fluorescence). Of note among the former is the antibiotic drug Rifaximin [5], which contains this heteroaromatic core. The classical synthetic approach for the assembly of pyrido[1,2-a]benzimidazoles is by [3+3] cyclocondensation of benzimidazoles containing a methylene group at C2 with appropriate bielectrophiles [2a]. However, these procedures are often low-yielding, involve indirect/lengthy sequences, and/or provide access to a limited range of products, primarily providing derivatives with substituents located on the pyridine ring (A ring, Scheme 1) [2–4]. Theoretically, a good alternative synthetic method for the synthesis of pyrido[1,2-a]benzimidazoles with substituents in the benzene ring (C ring) should be accessible by intramolecular transition-metal-catalyzed C–N bond formation in N-(2-chloroaryl)pyridin-2-amines, based on chemistry recently developed in our research group [9]. These substrates themselves are easily available through SNAr or selective Pd-catalyzed amination [10] of 2-chloropyridine with 2-chloroanilines [11]. If a synthetic procedure that eliminated the need for preactivation of the 2-position of the 2-chloroarylamino entity could be developed, this would be even more powerful, as anilines are more readily commercially available than 2-chloroanilines. Therefore the synthesis of pyrido[1,2-a]benzimidazoles (4) by a transition-metal-catalyzed intramolecular C–H amination approach from N-arylpyridin-2-amines (3) was explored (Scheme 1).
Abstract:
This paper makes a formal security analysis of the current Australian e-passport implementation using model checking tools CASPER/CSP/FDR. We highlight security issues in the current implementation and identify new threats when an e-passport system is integrated with an automated processing system like SmartGate. The paper also provides a security analysis of the European Union (EU) proposal for Extended Access Control (EAC) that is intended to provide improved security in protecting biometric information of the e-passport bearer. The current e-passport specification fails to provide a list of adequate security goals that could be used for security evaluation. We fill this gap; we present a collection of security goals for evaluation of e-passport protocols. Our analysis confirms existing security weaknesses that were previously identified and shows that both the Australian e-passport implementation and the EU proposal fail to address many security and privacy aspects that are paramount in implementing a secure border control mechanism. ACM Classification C.2.2 (Communication/Networking and Information Technology – Network Protocols – Model Checking), D.2.4 (Software Engineering – Software/Program Verification – Formal Methods), D.4.6 (Operating Systems – Security and Privacy Protection – Authentication)
Abstract:
In this chapter, we discuss four related areas of cryptology, namely, authentication, hashing, message authentication codes (MACs), and digital signatures. These topics represent active and growing research topics in cryptology. Space limitations allow us to concentrate only on the essential aspects of each topic. The bibliography is intended to supplement our survey. We have selected those items which provide an overview of the current state of knowledge in the above areas. Authentication deals with the problem of providing assurance to a receiver that a communicated message originates from a particular transmitter, and that the received message has the same content as the transmitted message. A typical authentication scenario occurs in computer networks, where the identity of two communicating entities is established by means of authentication. Hashing is concerned with the problem of providing a relatively short digest–fingerprint of a much longer message or electronic document. A hashing function must satisfy (at least) the critical requirement that the fingerprints of two distinct messages are distinct. Hashing functions have numerous applications in cryptology. They are often used as primitives to construct other cryptographic functions. MACs are symmetric key primitives that provide message integrity against active spoofing by appending a cryptographic checksum to a message that is verifiable only by the intended recipient of the message. Message authentication is one of the most important ways of ensuring the integrity of information that is transferred by electronic means. Digital signatures provide electronic equivalents of handwritten signatures. They preserve the essential features of handwritten signatures and can be used to sign electronic documents. Digital signatures can potentially be used in legal contexts.
Abstract:
The increasing growth in the use of Hardware Security Modules (HSMs) towards identification and authentication of a security endpoint has raised numerous privacy and security concerns. HSMs have the ability to tie a system or an object, along with its users, to the physical world. However, this enables tracking of the user and/or an object associated with the HSM. Current systems do not adequately address the privacy needs and as such are susceptible to various attacks. In this work, we analyse various security and privacy concerns that arise when deploying such hardware security modules and propose a system that allows users to create pseudonyms from a trusted master public-secret key pair. The proposed system is based on the intractability of factoring and finding square roots of a quadratic residue modulo a composite number, where the composite number is a product of two large primes. Along with the standard notion of protecting privacy of a user, the proposed system offers colligation between seemingly independent pseudonyms. This new property, when combined with HSMs that store the master secret key, is extremely beneficial to a user, as it offers a convenient way to generate a large number of pseudonyms using relatively small storage requirements.
Abstract:
Recently a convex hull based human identification protocol was proposed by Sobrado and Birget, whose steps can be performed by humans without additional aid. The main part of the protocol involves the user mentally forming a convex hull of secret icons in a set of graphical icons and then clicking randomly within this convex hull. In this paper we show two efficient probabilistic attacks on this protocol which reveal the user’s secret after the observation of only a handful of authentication sessions. We show that while the first attack can be mitigated through appropriately chosen values of system parameters, the second attack succeeds with a non-negligible probability even with large system parameter values which cross the threshold of usability.
Abstract:
Phishing, a form of on-line identity theft, is a major problem worldwide, accounting for more than $7.5 billion in losses in the US alone between 2005 and 2008. Australia was the first country to be targeted by Internet bank phishing in 2003 and continues to have a significant problem in this area. The major cyber crime groups responsible for phishing are based in Eastern Europe. They operate with a large degree of freedom due to the inherent difficulties in cross border law enforcement and the current situation in Eastern Europe, particularly in Russia and the Ukraine. They employ highly sophisticated and efficient technical tools to compromise victims and subvert bank authentication systems. However, because it is difficult for them to repatriate the fraudulently obtained funds directly, they employ Internet money mules in Australia to transfer the money via Western Union or MoneyGram. It is proposed that a strategy which firstly places more focus by Australian law enforcement upon transactions via Western Union and MoneyGram to detect this money laundering would significantly impact the success of the phishing attack model. This, combined with a technical monitoring of Trojan technology and education of potential Internet money mules to avoid being duped, would provide a winning strategy for the war on phishing for Australia.
Abstract:
A pseudonym provides anonymity by protecting the identity of a legitimate user. A user with a pseudonym can interact with an unknown entity and be confident that his/her identity is secret even if the other entity is dishonest. In this work, we present a system that allows users to create pseudonyms from a trusted master public-secret key pair. The proposed system is based on the intractability of factoring and finding square roots of a quadratic residue modulo a composite number, where the composite number is a product of two large primes. Our proposal is different from previously published pseudonym systems, as in addition to the standard notion of protecting privacy of a user, our system offers colligation between seemingly independent pseudonyms. This new property, when combined with a trusted platform that stores a master secret key, is extremely beneficial to a user as it offers a convenient way to generate a large number of pseudonyms using relatively small storage.
Abstract:
The first generation e-passport standard is proven to be insecure and prone to various attacks. To strengthen it, the European Union (EU) has proposed an Extended Access Control (EAC) mechanism for e-passports that intends to provide better security in protecting biometric information of the e-passport bearer. But, our analysis shows, the EU proposal fails to address many security and privacy issues that are paramount in implementing a strong security mechanism. In this paper we propose an on-line authentication mechanism for electronic passports that addresses the weakness in existing implementations, of both the International Civil Aviation Organisation (ICAO) and EU. Our proposal utilises ICAO PKI implementation, thus requiring very few modifications to the existing infrastructure which is already well established.
Abstract:
Property is an elusive concept. In many respects it has been regarded as a source of authority to use, develop and make decisions about whatever is the subject matter of this right of ownership. This is true whether the holder of this right of ownership is a private entity or a public entity. Increasingly a right of ownership of this kind has been recognised not only as a source of authority but also as a mechanism for restricting or limiting and perhaps even prohibiting existing or proposed activities that impact upon the environment. It is increasingly therefore an instrument of control as much as an instrument of authorisation. The protection and conservation of the environment are ultimately a matter of the public interest. This is not to suggest that the individual holders of rights of ownership are not interested in protecting the environment. It is open to them to do so in the exercise of a right of ownership as a source of authorisation. However a right of ownership – whether private or public – has become increasingly the instrument according to which the environment is protected and conserved. This article addresses these issues from a doctrinal as well as a practical perspective about how the environment is managed. It does so in five ways: ● considering briefly property as a concept ● reviewing property in its historical context ● analysing property as a human right ● examining property in natural resources ● reviewing judicial approaches to property in natural resources.
Abstract:
We identify relation completion (RC) as one recurring problem that is central to the success of novel big data applications such as Entity Reconstruction and Data Enrichment. Given a semantic relation, RC attempts to link entity pairs between two entity lists under the relation. To accomplish the RC goals, we propose to formulate search queries for each query entity α based on some auxiliary information, so as to detect its target entity β from the set of retrieved documents. For instance, a pattern-based method (PaRE) uses extracted patterns as the auxiliary information in formulating search queries. However, high-quality patterns may decrease the probability of finding suitable target entities. As an alternative, we propose the CoRE method, which uses context terms learned surrounding the expression of a relation as the auxiliary information in formulating queries. The experimental results based on several real-world web data collections demonstrate that CoRE reaches a much higher accuracy than PaRE for the purpose of RC.
Abstract:
For the past decade, at least, varieties of small, hand held networked instruments have appeared on the global scene, selling in record numbers, and being utilized by all manner of persons from the old to the young; children, women, men, the wealthy and the poor and in all countries. Their presences bespeak a radical shift in telecommunications infrastructure and the future of communications. They are particularly visible in urban areas where mobile transmission network infrastructure (3G, 4G, cellular and Wi-Fi) is more established and substantial, options more plentiful, and density of populations more dramatic. These end user products – iPhones, cell phones, BlackBerries, DSi, DS, iPads, Zooms, and others – of the mobile communications industry are the latest, hottest globalized commodities. At the same time, wirelessness, or the state of being wireless, and therefore capable of taking along one's networks, communicating from unlikely spaces, and navigating with GPS, is a complex social, political and economic communications phenomenon of early 21st century life. This thesis examines the specter of being wireless in cities. It lends the entire idea an experimentally envisioned, historical and planned context wherein personalization of media tools is seen both as a design development of corporate, artistic, and military imagination, as well as a profound social phenomenon enabling new forms of sharing, belonging, and urban community. In doing that it asserts the parameters of a new mobile space which, aside from clear benefits to humankind by way of mobility, has reinscribed numerous categories including gender. Moreover, it posits the recognition of other, more nuanced theoretical spaces for complex readings of gender and gendered use, including some instantiation of the notion of 'network' itself as a cyborgian and gendered social form.
Additionally, cities are studied as places where technology is not only quickly popularized, but is connected to larger political interests, such as the reading of data, tracking of information, and the new security culture. In so doing the work has been undertaken as an urban spatial analysis and experimental ethnography, utilizing architectural, feminist, techno-utopian, industrial and theoretical literatures as discursive underpinnings from whence understandings and interpretations of mobile space, the mobile office, networked mobility, and personal media have come, linking the space of cities to specific, pioneering urban public art projects in which voice, texting and MMS have been utilized in expressions of ubiquitous networks and urban history. Through numerous examples of techno art, the thesis discusses the 'wireless city' as an emerging cultural, socially constructed economic and spatial entity, both conceived and formed through historic processes of urbanization.
Abstract:
Security protocols are designed in order to provide security properties (goals). They achieve their goals using cryptographic primitives such as key agreement or hash functions. Security analysis tools are used in order to verify whether a security protocol achieves its goals or not. The properties analysed by specific-purpose tools are predefined properties such as secrecy (confidentiality), authentication or non-repudiation. There are security goals that are defined by the user in systems with security requirements. Analysis of these properties is possible with general-purpose analysis tools such as coloured Petri nets (CPN). This research analyses two security properties that are defined in a protocol that is based on trusted platform module (TPM). The analysed protocol is proposed by Delaune to use TPM capabilities and secrets in order to open only one secret from two submitted secrets to a recipient