473 results for Personal Security.


Relevance: 20.00%

Abstract:

In this paper, the security of two recent RFID mutual authentication protocols is investigated. The first protocol is a scheme proposed by Huang et al. [7] and the second one by Huang, Lin and Li [6]. We show that these two protocols have several weaknesses. In Huang et al.'s scheme, an adversary can determine the 32-bit secret password with a probability of 2^−2, and in the Huang-Lin-Li scheme, a passive adversary can recognize a target tag with a success probability of 1 − 2^−4 and an active adversary can determine all 32 bits of the Access password with a success probability of 2^−4. The computational complexity of these attacks is negligible.

Relevance: 20.00%

Abstract:

In this paper, we observe that in the seminal work on indifferentiability analysis of iterated hash functions by Coron et al. and in subsequent works, the initial value (IV) of hash functions is fixed. In addition, these indifferentiability results do not depend on the Merkle–Damgård (MD) strengthening in the padding functionality of the hash functions. We propose a generic n-bit-iterated hash function framework based on an n-bit compression function called suffix-free-prefix-free (SFPF) that works for arbitrary IVs and does not possess MD strengthening. We formally prove that SFPF is indifferentiable from a random oracle (RO) when the compression function is viewed as a fixed input-length random oracle (FIL-RO). We show that some hash function constructions proposed in the literature fit in the SFPF framework while others that do not fit in this framework are not indifferentiable from an RO. We also show that the SFPF hash function framework with the provision of MD strengthening generalizes any n-bit-iterated hash function based on an n-bit compression function and with an n-bit chaining value that is proven indifferentiable from an RO.

Relevance: 20.00%

Abstract:

At CRYPTO 2006, Halevi and Krawczyk proposed two randomized hash function modes and analyzed the security of digital signature algorithms based on these constructions. They showed that the security of signature schemes based on the two randomized hash function modes relies on properties similar to second preimage resistance rather than on the collision resistance property of the hash functions. One of the randomized hash function modes was named the RMX hash function mode and was recommended for practical purposes. The National Institute of Standards and Technology (NIST), USA, standardized a variant of the RMX hash function mode and published this standard in Special Publication (SP) 800-106. In this article, we first discuss a generic online birthday existential forgery attack of Dang and Perlner on the RMX-hash-then-sign schemes. We show that a variant of this attack can be applied to forge the other randomize-hash-then-sign schemes. We point out practical limitations of the generic forgery attack on the RMX-hash-then-sign schemes. We then show that these limitations can be overcome for the RMX-hash-then-sign schemes if it is easy to find fixed points for the underlying compression functions, as is the case for the Davies-Meyer construction used in popular hash functions such as MD5, designed by Rivest, and the SHA family of hash functions, designed by the National Security Agency (NSA), USA, and published by NIST in the Federal Information Processing Standards (FIPS). We show an online birthday forgery attack on this class of signatures by using a variant of Dean's method of finding fixed-point expandable messages for hash functions based on the Davies-Meyer construction. This forgery attack is also applicable to signature schemes based on the variant of RMX standardized by NIST in SP 800-106. We discuss some important applications of our attacks and their applicability to signature schemes based on hash functions with 'built-in' randomization. Finally, we compare our attacks on randomize-hash-then-sign schemes with the generic forgery attacks on the standard hash-based message authentication code (HMAC).

Relevance: 20.00%

Abstract:

We present some improved analytical results as part of the ongoing work on the analysis of the Fugue-256 hash function, a second round candidate in NIST's SHA-3 competition. First we improve Aumasson and Phan's integral distinguisher on the 5.5 rounds of the final transformation of Fugue-256 to 16.5 rounds. Next we improve the designers' meet-in-the-middle preimage attack on Fugue-256 from 2^480 time and memory to 2^416. Finally, we comment on possible methods to obtain free-start distinguishers and free-start collisions for Fugue-256.

Relevance: 20.00%

Abstract:

Halevi and Krawczyk proposed a message randomization algorithm called RMX as a front-end tool to hash-then-sign digital signature schemes such as DSS and RSA in order to free them from reliance on the collision resistance property of the hash functions. They have shown that to forge an RMX-hash-then-sign signature scheme, one has to solve a cryptanalytical task which is related to finding second preimages for the hash function. In this article, we will show how to use Dean's method of finding expandable messages for finding a second preimage in the Merkle-Damgård hash function to existentially forge a signature scheme based on a t-bit RMX-hash function which uses Davies-Meyer compression functions (e.g., MD4, MD5, SHA family) in 2^(t/2) chosen messages plus 2^(t/2+1) off-line operations of the compression function and a similar amount of memory. This forgery attack also works on the signature schemes that use Davies-Meyer schemes and a variant of RMX published by NIST in its Draft Special Publication (SP) 800-106. We discuss some important applications of our attack.

Relevance: 20.00%

Abstract:

Protection of passwords used to authenticate computer systems and networks is one of the most important applications of cryptographic hash functions. Because precomputed memory lookup attacks such as birthday and dictionary attacks can be applied to the hash values of passwords to recover the passwords, it is usually recommended to apply a hash function to the combination of both the salt and the password, denoted salt||password, to prevent these attacks. In this paper, we present the first security analysis of the salt||password hashing application. We show that when hash functions based on compression functions with easily found fixed points are used to compute the salt||password hashes, these hashes are susceptible to precomputed offline birthday attacks. For example, this attack is applicable to the salt||password hashes computed using standard hash functions such as MD5, SHA-1, SHA-256 and SHA-512, which are based on the popular Davies-Meyer compression function. This attack exposes a subtle property of this application: although the provision of a salt prevents an attacker from finding passwords, salts prefixed to the passwords do not prevent an attacker from carrying out a precomputed birthday attack to forge an unknown password. In this forgery attack, we demonstrate the possibility of building multiple passwords for an unknown password with the same hash value and salt. Interestingly, password||salt hashes (i.e. salts suffixed to the passwords) computed using Davies-Meyer hash functions are not susceptible to this attack, showing the first security gap between the prefix-salt and suffix-salt methods of hashing passwords.

Relevance: 20.00%

Abstract:

The celebrated work of Lortie (1975) alerted teacher educators to the extended period of 'apprenticeship' that student teachers have been through before they arrive at teacher education programmes. The subjective implicit theories (Marland, 1992) developed by prospective teachers are shaped by their lifeworld experiences at school and, in the case of physical education teachers, their experiences in sport. The biography of physical education teacher education (PETE) students tends to be characterised by ecto-mesomorphic individuals who have been socialised by the rigours of highly competitive sport (Gore, 1990; Macdonald, 1992; Rossi, 1996). We can add to this the requirements of teacher preparation in physical education, which for the most part are dominated by the traditions and rhetoric of the 'natural' bio-physical sciences; largely a legacy of Henry's (1964) work on physical education as an academic discipline, as well as that of Abernathy and Waltz the same year (Abernathy & Waltz, 1964). In the United Kingdom, Curl (1973) further advanced the argument in an attempt to justify human movement as an independent field of study with its own corpus of knowledge. It is little wonder, then, that the dominant pedagogical discourse in physical education is, as Tinning (1991) discusses, one of performance pedagogy (see also Hendry, 1986 for an earlier discussion). The knowledge required to support such a discourse could be described as 'official' (Apple, 1993), and it assumes such status by virtue of the power appropriated by and bestowed upon the scientific community in PETE (Macdonald & Tinning, 1995; Sparkes, 1989, 1993). However, there are social reifiers too, and these tend to relate to the social construction of the body (Kirk, 1993; Kirk & Spiller, 1994; Gilroy, 1994) and what Tinning (1985) has termed the Cult of Slenderness. Furthermore, the 'slender image' has become a signifier of 'good health'. This is inextricably linked to what might be considered as a health triplex—'exercise = fitness = health' (see Kirk & Colquhoun, 1989; Tinning & Kirk, 1991)—which in Australia underpins curriculum packages such as Daily Physical Education which teachers (often including physical education primary...

Relevance: 20.00%

Abstract:

This paper reports on two lengthy studies in physical education teacher education (PETE) conducted independently but which are epistemologically and methodologically linked. The paper describes how personal construct theory (PCT) and its associated methods provided a means for PETE students to reflexively construct their ideas about teaching physical education over an extended period. Data are drawn from each study in the form of a story of a single participant to indicate how this came about. Furthermore, we suggest that PCT might be both a useful research strategy and an effective approach to facilitate professional development in a teacher education setting.

Relevance: 20.00%

Abstract:

The multiple forms of violence associated with protracted conflict disproportionately affect young people. Literature on conflict-affected children often focuses on the need to provide stability and security through institutions such as schools but rarely considers how young people themselves see these sites as part of their everyday lives. The enduring, pervasive, and complex nature of Colombia's conflict means many young Colombians face the challenges of poverty, persistent social exclusion, and violence. Such conditions are exacerbated in 'informal' barrio communities such as los Altos de Cazucá, just south of the capital Bogotá. Drawing on field research in this community, particularly through interviews conducted with young people aged 10 to 17, this article explores how young people themselves understand the roles of the local school and NGO in their personal conceptualisations of the violence in their everyday lives. The evidence indicates that children use the spaces available to them opportunistically and that these actions can and should be read as contributing to local, everyday forms of peacebuilding. The ways in which institutional spaces are understood and used by young people as 'sites of opportunity' challenge the assumed illegitimacy of young people's voices and experiences in these environments.

Relevance: 20.00%

Abstract:

Despite being used since 1976, the Delusions-Symptoms-States-Inventory/states of Anxiety and Depression (DSSI/sAD) has not yet been validated for use among people with diabetes. The aim of this study was to examine the validity of the personal disturbance scale (DSSI/sAD) among women with diabetes using Mater-University of Queensland Study of Pregnancy (MUSP) cohort data. The DSSI subscales were compared against DSM-IV disorders, the Mental Component Score of the Short Form 36 (SF-36 MCS), and the Center for Epidemiologic Studies Depression Scale (CES-D). Factor analyses, odds ratios, receiver operating characteristic (ROC) analyses and diagnostic efficiency tests were used to report findings. Exploratory factor analysis and fit indices confirmed the hypothesized two-factor model of DSSI/sAD. We found significant variations in the DSSI/sAD domain scores that could be explained by CES-D (DSSI-Anxiety: 55%, DSSI-Depression: 46%) and SF-36 MCS (DSSI-Anxiety: 66%, DSSI-Depression: 56%). The DSSI subscales predicted DSM-IV diagnosed depression and anxiety disorders. The ROC analyses show that although the DSSI symptoms and DSM-IV disorders were measured concurrently, the estimates of concordance remained only moderate. The findings demonstrate that the DSSI/sAD items have similar relationships to one another in both the diabetes and non-diabetes data sets, which therefore suggests that they have similar interpretations.

Relevance: 20.00%

Abstract:

This paper addresses the role of photography as a documentary medium and how this forms a basis for my practice-led studio investigations. In it, I will explore how photography is used to create histories and sustain specific notions of 'legacy' within the context of the family photo album. Family history is often based on stories to which the photo album provides a visual point of reference. Despite the ostensible 'objectivity' of the family photograph, it is nonetheless as subjective as the stories that surround it. In this way, the photo album perpetuates a hegemony of truth that obscures the fragmentary and highly selective nature of these documents and stories. The result is that every photo album implicitly documents the gaps or voids present in understandings of our own histories. Homi Bhabha refers to these kinds of voids as 'disjunctive historical spaces' – spaces of slippage that create the opportunity for new narratives and understandings to occur. Using Bhabha's ideas as a chief point of reference, I will explore how these voids or gaps in information – and the opportunities for re-examination that they open up – can be explored through contemporary photomedia. Digital technologies such as camera phones and scanners generate a space in which photography's own documentary conventions can be turned in on themselves to create a subterfuge. My current studio-based research involves using the scanner to navigate through my family's sometimes-'occulted' history, in order to explore, document and recover my connection to this narrative. I am primarily interested in the scanner as a tool for capturing not simply surfaces, but objects, moments or movements in time. Objects or moments captured by the scanner can often be simultaneously distorted and consolidated, blurred and sharpened. This paper will propose that this 'slippage', literally expressed in the disruption of the pixelated field, can be used to create a space in which alternative readings or understandings of past events can be explored and new narratives produced.

Relevance: 20.00%

Abstract:

We present an approach for detecting sensor spoofing attacks on a cyber-physical system. Our approach consists of two steps. In the first step, we construct a safety envelope of the system. Under nominal conditions (that is, when there are no attacks), the system always stays inside its safety envelope. In the second step, we build an attack detector: a monitor that executes synchronously with the system and raises an alarm whenever the system state falls outside the safety envelope. We synthesize safety envelopes using a modified machine learning procedure applied to data collected from the system when it is not under attack. We present experimental results that show the effectiveness of our approach, and also validate several novel features that we introduced in our learning procedure.

Relevance: 20.00%

Abstract:

The control of environmental factors in open-office environments, such as lighting and temperature, is becoming increasingly automated. This development means that office inhabitants are losing the ability to manually adjust environmental conditions according to their needs. In this paper we describe the design, use and evaluation of MiniOrb, a system that employs ambient and tangible interaction mechanisms to allow inhabitants of office environments to maintain awareness of environmental factors, report on their own subjectively perceived office comfort levels and see how these compare to group average preferences. The system is complemented by a mobile application, which enables users to see and set the same sensor values and preferences, but using a screen-based interface. We give an account of the system's design and outline the results of an in-situ trial and user study. Our results show that devices that combine ambient and tangible interaction approaches are well suited to the task of recording indoor climate preferences and afford a rich set of possible interactions that can complement those enabled by more conventional screen-based interfaces.

Relevance: 20.00%

Abstract:

Nth-Dimensional Truncated Polynomial Ring (NTRU) is a lattice-based public-key cryptosystem that offers encryption and digital signature solutions. It was designed by Silverman, Hoffstein and Pipher. The NTRU cryptosystem was patented by NTRU Cryptosystems Inc. (which was later acquired by Security Innovation) and is available as the IEEE 1363.1 and X9.98 standards. NTRU is resistant to attacks based on quantum computing, to which the standard RSA and ECC public-key cryptosystems are vulnerable. In addition, NTRU has performance advantages over these cryptosystems. Given this importance of NTRU, it is highly recommended to adopt NTRU as part of a cipher suite along with widely used cryptosystems for internet security protocols and applications. In this paper, we present our analytical study on the implementation of the NTRU encryption scheme, which serves as a guideline for security practitioners who are new to lattice-based cryptography or even to cryptography. In particular, we show some non-trivial issues that should be considered towards a secure and efficient NTRU implementation.