35 results for passwords


Relevance: 10.00%

Abstract:

Recently, a convex hull-based human identification protocol was proposed by Sobrado and Birget, whose steps can be performed by humans without additional aid. The main part of the protocol involves the user mentally forming a convex hull of secret icons in a set of graphical icons and then clicking randomly within this convex hull. While some rudimentary security issues of this protocol have been discussed, a comprehensive security analysis has been lacking. In this paper, we analyze the security of this convex hull-based protocol. In particular, we show two probabilistic attacks that reveal the user’s secret after the observation of only a handful of authentication sessions. These attacks can be efficiently implemented, as their time and space complexities are considerably less than those of a brute force attack. We show that while the first attack can be mitigated through appropriately chosen values of system parameters, the second attack succeeds with a non-negligible probability even with large system parameter values that cross the threshold of usability.

Relevance: 10.00%

Abstract:

To authenticate card holders while they conduct electronic transactions using mobile devices, VISA and MasterCard independently proposed two electronic payment protocols: Visa 3D Secure and MasterCard Secure Code. The protocols use pre-registered passwords to provide card holder authentication, and Secure Sockets Layer/Transport Layer Security (SSL/TLS) for data confidentiality over wired networks and Wireless Transport Layer Security (WTLS) between a wireless device and a Wireless Application Protocol (WAP) gateway. The paper presents our analysis of security properties in the proposed protocols using the formal methods tools Casper and FDR2. We also highlight issues concerning payment security in the proposed protocols.

Relevance: 10.00%

Abstract:

Protection of passwords used to authenticate to computer systems and networks is one of the most important applications of cryptographic hash functions. Because precomputed memory look-up attacks, such as birthday and dictionary attacks, can be applied to the hash values of passwords to find the passwords, it is usually recommended to apply the hash function to the combination of both the salt and the password, denoted salt||password, to prevent these attacks. In this paper, we present the first security analysis of the salt||password hashing application. We show that when hash functions based on compression functions with easily found fixed points are used to compute the salt||password hashes, these hashes are susceptible to precomputed offline birthday attacks. For example, this attack is applicable to the salt||password hashes computed using standard hash functions such as MD5, SHA-1, SHA-256 and SHA-512, which are based on the popular Davies-Meyer compression function. This attack exposes a subtle property of this application: although the provision of salt prevents an attacker from finding passwords, salts prefixed to the passwords do not prevent an attacker from doing a precomputed birthday attack to forge an unknown password. In this forgery attack, we demonstrate the possibility of building multiple passwords for an unknown password for the same hash value and salt. Interestingly, password||salt (i.e. salts suffixed to the passwords) hashes computed using Davies-Meyer hash functions are not susceptible to this attack, showing the first security gap between the prefix-salt and suffix-salt methods of hashing passwords.

Relevance: 10.00%

Abstract:

The aim of the study was to explore why the MuPSiNet project - a computer and network supported learning environment for the field of health care and social work - did not develop as expected. To grasp the problem, some hypotheses were formulated. The hypotheses regarded the teachers' skills in and attitudes towards computing and their attitudes towards constructivist study methods. An online survey containing 48 items was performed. The survey targeted all the teachers within the field of health care and social work in the country, and it produced 461 responses that were analysed against the hypotheses. The reliability of the variables was tested using the Cronbach alpha coefficient and t-tests. Poor basic computing skills among the teachers combined with a vulnerable technical solution, and inadequate project management combined with lack of administrative models for transforming economic resources into manpower were the factors that turned out to play a decisive role in the project. Other important findings were that the teachers had rather poor skills and knowledge in computing, computer safety and computer supported instruction, and that these skills were significantly poorer among female teachers, who were in the majority in the sample. The fraction of teachers who were familiar with software for electronic patient records (EPR) was low. The attitudes towards constructivist teaching methods were positive, and further education seemed to utterly increase the teachers' readiness to use alternative teaching methods. The most important conclusions were the following: In order to integrate EPR software as a natural tool in teaching planning and documenting health care, it is crucial that the teachers have sufficient basic skills in computing and that more teachers have personal experience of using EPR software.
In order for computer supported teaching to become accepted, it is necessary to arrange extensive further education for the teachers presently working, and for that further education to succeed it should be backed up locally, among other things by sufficient support in matters concerning computer supported teaching. The attitudes towards computing showed significant gender differences. Based on the findings it is suggested that basic skills in computing should also include an awareness of data safety in relation to work in different kinds of computer networks, and that projects of this kind should be built up around a proper project organisation with sufficient resources. Suggestions concerning curricular development and further education are also presented. Conclusions concerning the research method were that reminders have a better effect, and that respondents tend to answer open-ended questions more verbosely in electronically distributed online surveys compared to traditional surveys. A method of utilising randomized passwords to guarantee respondent anonymity while maintaining sample control is presented. Keywords: computer-assisted learning, computer-assisted instruction, health care, social work, vocational education, computerized patient record, online survey

Relevance: 10.00%

Abstract:

User authentication is essential for accessing computing resources, network resources, email accounts, online portals etc. To authenticate a user, the system stores user credentials (user id and password pair). Discovering user passwords from a system, and similarly protecting them against any such possible attack, has been an interesting problem in the field. In this work we show that passwords are still vulnerable to hash chain based and efficient dictionary attacks. Human generated passwords use some identifiable patterns. We have analysed a sample of 19 million passwords, of different lengths, available online and studied the distribution of the symbols in the password strings. We show that the distribution of symbols in user passwords is affected by the native language of the user. From symbol distributions we can build smart and efficient dictionaries, which are smaller in size while their coverage of plausible passwords from the key-space is large. These smart dictionaries make dictionary based attacks practical.

Relevance: 10.00%

Abstract:

Given a society undergoing rapid demographic ageing and constant technological advance, it is justified to invest in studies that foster communicative action and reduce the social isolation resulting from the biopsychosocial losses associated with old age. This thesis has four study objectives: i) to investigate the impact of the use of Information and Communication Technologies (ICT) on the self-concept (SC), morale and quality of life (QoL) of a group of seniors; ii) to understand whether there is a relationship, and of what kind, between the independent variables sex, age, marital status, schooling, profession, IPSS, attendance regime, time at the IPSS, referral to attend the IPSS, visits from family members and visits from friends, and the dependent variables SC, morale, QoL and their respective factors and domains, at the pre-test and post-test moments; iii) to understand whether their participation in the conceptualization process of an asynchronous communication service, email, influences its usability in terms of the effectiveness, efficiency and satisfaction components; iv) and to suggest the policy component of the senior online community under development within the SEDUCE Project. To carry out the study, partnerships were established with four Instituições Particulares de Segurança Social in the municipality of Aveiro, integrated within the SEDUCE project. The instruments used to assess self-concept, morale and quality of life were the Clinical Inventory of Self-Concept, the Philadelphia Geriatric Center Morale Scale and the World Health Organization Quality of Life scale WHOQOL-Bref, respectively. In the conceptualization process of the email service and of the policy component of the online community, participant observation and contextual design were used.
The study involved the participation of 42 seniors distributed across two experimental conditions: 22 seniors in the experimental group used ICT twice a week (in sessions of 90 minutes each, for a total of 80 sessions) and 19 seniors in the passive control group received no intervention. To assess the psychosocial variables, two assessment moments were carried out, before and after 11 months of intervention, from August 2011 to July 2012. Throughout the ICT engagement sessions it was observed that the seniors continually have difficulty with: handling the mouse and perceiving its action on the monitor; distinguishing between keys (enter, spacebar, delete, caps lock, among others); using key combinations to type punctuation and accents; starting activities in Microsoft Office Word; selecting the information provided by search engines; perceiving which areas are clickable; lack of confidence in carrying out actions; fear of starting new activities, owing to lack of knowledge and fear of making mistakes; memorizing email addresses and passwords; and continuing tasks. When using the email service, they consider it important to receive a reply when they send a message, as well as always to reply to senders; they rarely put a subject on messages; and they express great satisfaction on receiving messages from family members and/or friends. The process of developing services with the active participation of seniors proves feasible, but practices need to be adapted: processes should be iterative; avoid formal language; clarify the objective; let the seniors think aloud; give them time; keep them focused and do not lead them through the tasks. The results suggest that there was a significant increase in the physical domain of quality of life in the experimental group.
The participants who expressed higher levels of satisfaction when using ICT show a more positive outlook on psychological maturity and less loneliness and dissatisfaction. In both the experimental group and the passive control group, relationships are found between the independent variables and the dependent variables, at both the pre-test and post-test moments. It is concluded that the seniors' participation in the conceptualization process of the email service fostered the effectiveness component of usability but not satisfaction in using it. The results on efficiency are inconclusive. Regarding the policy component, the seniors endorse the existence of terms of use that guide the behaviour of all users, as well as a privacy policy. The proposed registration area is suitable for the senior user.

Relevance: 10.00%

Abstract:

Final Master's project for obtaining the degree of Master in Electronics and Telecommunications Engineering

Relevance: 10.00%

Abstract:

In this computerized, globalised and internet world, our computer collects various types of information about every human being and stores them in files secreted deep on its hard drive. Files like cache, browser history and other temporary Internet files can be used to store sensitive information like logins and passwords, names, addresses, and even credit card numbers. Now, a hacker can get at this information by wrong means and share it with someone else, or can install some nasty software on your computer that will extract your sensitive and secret information. Identity theft poses a very serious problem to everyone today. If you have a driver’s license, a bank account, a computer, ration card number, PAN card number, ATM card or simply a social security number, you are more than at risk, you are a target. Whether you are new to the idea of ID theft, or you have some unanswered questions, we’ve compiled a quick refresher list below that should bring you up to speed. Identity theft is a term used to refer to fraud that involves pretending to be someone else in order to steal money or get other benefits. Identity theft is a serious crime, which is increasing at a tremendous rate all over the world after the Internet evolution. There is widespread agreement that identity theft causes financial damage to consumers, lending institutions, retail establishments, and the economy as a whole. Surprisingly, there is little good public information available about the scope of the crime and the actual damages it inflicts. Accounts of identity theft in recent mass media and in film or literature have centered on the exploits of 'hackers' - variously lauded or reviled - who are depicted as cleverly subverting corporate firewalls or other data protection defenses to gain unauthorized access to credit card details, personnel records and other information. Reality is more complicated, with electronic identity fraud taking a range of forms.
The impact of those forms is not necessarily quantifiable as a financial loss; it can involve intangible damage to reputation, time spent dealing with disinformation and exclusion from particular services because a stolen name has been used improperly. Overall we can consider electronic networks as an enabler for identity theft, with the thief for example gaining information online for action offline and the basis for theft or other injury online. As Fisher pointed out, "These new forms of high-tech identity and securities fraud pose serious risks to investors and brokerage firms across the globe." I am a victim of identity theft. Being a victim of identity theft, I felt the need to create awareness among computer and internet users, particularly youngsters in India. Nearly 70 per cent of India's population is living in villages. The Government of India has already started providing computer and internet facilities even to the remote villages through various rural development and rural upliftment programmes. Highly educated people, established companies and world famous financial institutions are becoming victims of identity theft. The question here is how vulnerable the illiterate and innocent rural people are if they are suddenly exposed to a new device through which someone can extract and exploit their personal data without their knowledge. In this research work an attempt has been made to bring out the real problems associated with identity theft in developed countries from an economist's point of view.

Relevance: 10.00%

Abstract:

Edshare for INFO2009 coursework 2 - Team 'DROP TABLE groups;

Relevance: 10.00%

Abstract:

Quick video for iSolutions to sanity check a workaround, as all staff will be asked to change network passwords, which could have a major effect on staff authenticating to network printers from a Mac. If good, can be used by Serviceline. Do not contact Adam Procter about this

Relevance: 10.00%

Abstract:

Passwords are the most common form of authentication, and most of us will have to log in to several accounts every day which require passwords. Unfortunately, passwords often do not do a good job of proving who we are, and come with a host of usability problems. Probably the only reason that passwords still exist is that there often isn't a better alternative, so we are likely to be stuck with them for the foreseeable future. Password cracking has been a problem for years, and becomes more problematic as computers become more powerful and attackers get a better idea of the sort of passwords people use. This presentation will look at two free password cracking tools, Hashcat and John the Ripper, and how even a non-expert on a laptop (i.e. me) can use them effectively. An introduction to some of the research surrounding the economics and usability of passwords will also be discussed. Note that the speaker is not an expert in this area, so it will be fairly informal, since I'm sure you're all tired after a long term.

Relevance: 10.00%

Abstract:

In purchases made over the internet or by telesales with credit cards, in many countries such as Brazil and the USA, the card is not physically presented at any point during the purchase or the delivery of the goods or service, nor are mechanisms such as passwords, which would ensure the authenticity of the card and its holder, in common use. At the same time, the responsibility for bearing the costs in these transactions lies with the merchants. In all previous studies in the literature, credit card fraud detection neither covered these channels alone nor focused detection on the parties most interested in it, the merchants. This work presents the results of using five of the modelling techniques most cited in the literature and analyses the power of data sharing by comparing the results of the models when run only on the store's own database or with the store sharing data with other merchants.

Relevance: 10.00%

Abstract:

Brazilian public policy entered the so-called new social federalism through its conditional cash transfers. States and municipalities can operate together through the nationwide platform of the Bolsa Familia Program (BFP), complementing federal actions with local innovations. The state and the city of Rio de Janeiro have created programs named, respectively, Renda Melhor (RM) and Família Carioca (FC). These programs make use of the operational structure of the BFP, which facilitates locating beneficiaries, issuing cards, synchronizing payment dates and access passwords and introducing new conditionalities. The payment system of the two programs complements the estimated permanent household income up to the poverty line established, giving more to those who have less. A similar income complementation system was subsequently adopted in the BFP and the Chilean Ingreso Ético Familiar, which also follow the principle of estimation of income used in the FC and in the RM. Instead of using the declared income, the value of the Rio cash transfers is set using the extensive collection of information obtained from the Single Registry of Social Programs (Cadastro Único): physical configuration of housing, access to public services, education and work conditions for all family members, presence of vulnerable groups, disabilities, pregnant or lactating women, children and benefits from other official transfers such as the BFP. With this multitude of assets and limitations, the permanent income of each individual is estimated. The basic benefit is defined by the poverty gap and priority is given to the poorest. These subnational programs use international benchmarks as a neutral ground between different government levels and mandates. Their poverty line is the highest of the first millennium goal of the United Nations (UN): US$ 2 per person per day adjusted for the cost of living.
The other poverty line of the UN, US$ 1.25, was implicitly adopted as the national extreme poverty line in 2011. The exchange of methodologies between federal entities has happened both ways. The FC began with the 575,000 individuals living in the city of Rio de Janeiro who were on the payroll of the BFP. Its system of impact evaluation benefited from bi-monthly standardized examinations. In the educational conditionalities, the two programs reward students' progress, a potential advantage for those who most need to advance. The municipal program requires greater school attendance than that of the BFP and the presence of students’ parents at the bimonthly meetings held on Saturdays. Students must achieve a grade of 8 or improve at least 20% in each exam to receive a bi-monthly premium of R$50. In early childhood, priority is given to the poor children in the program Single Administrative Register (CadÚnico) to enroll in kindergarten, preschools and complementary activities. The state program reaches more than one million people with a payment system similar to the municipal one. Moreover, it innovates in that it transfers awards given to high school students to savings accounts. The prize increases and is paid to the student, who can withdraw up to 30% annually. The total can reach R$3,800 per low-income student. The State and the city already rewarded education professionals according to student performance, now completing the chain of demand incentives on poor students and their parents. Increased performance is higher among beneficiaries and the presence of their guardians at meetings is twice that of non-beneficiaries. The Houston program also focuses on aligning the incentives to teachers, parents and students. In general, the plan is to explore strategic complementarities, where the whole is greater than the sum of its parts.
The objective is to stimulate, through targets and incentives, synergies between social actors (teachers, parents, students), between areas (education, assistance, work) and different levels of government. The cited programs sum their efforts and divide labor so as to multiply interactions and make a difference in the lives of the poor.

Relevance: 10.00%

Abstract:

Cryptographic systems are safe. However, the management of the cryptographic keys of these systems is a tough task. The keys are usually protected by password-based authentication mechanisms, which are a weak link in conventional cryptographic systems, as the passwords can be easily copied or stolen. The usage of a biometric approach for releasing the keys is an alternative to the password-based mechanisms. But just as with passwords, we need mechanisms to keep the biometrical signal safe. One approach for such a mechanism is to use biometrical key cryptography. The cryptographic systems based on the use of biometric characteristics as keys are called biometrical cryptographic systems. This article presents the implementation of Fuzzy Vault, a biometrical cryptographic system written in Java, along with its performance evaluation. Fuzzy Vault was tested on a real application using smartcards.

Relevance: 10.00%

Abstract:

Graduate studies in Computer Science - IBILCE