Practical Evaluation of Security against Generalized Interpolation Attack

Interpolation attack was presented by Jakobsen and Knudsen at FSE'97. Interpolation attack is effective against ciphers that have a certain algebraic structure like the PURE cipher which is a prototype cipher, but it is difficult to apply the attack to real-world ciphers. This difficulty is due to the difficulty of deriving a low degree polynomial relation between ciphertexts and plaintexts. In other words, it is difficult to evaluate the security against interpolation attack. This paper generalizes the interpolation attack. The generalization makes easier to evaluate the security against interpolation attack. We call the generalized interpolation attack linear sum attack. We present an algorithm that evaluates the security of byte-oriented ciphers against linear sum attack. Moreover, we show the relationship between linear sum attack and higher order differential attack. In addition, we show the security of CRYPTON, E2, and RIJNDAEL against linear sum attack using the algorithm.

一种认证密钥协商协议的安全分析及改进

针对用于移动通信的可证安全的双向认证密钥协商协议MAKAP给出了一种有效攻击，指出谊协议存在安全缺陷，它不能抵抗未知密钥共享攻击．分析了这些安全缺陷产生的原因，并给出了一种改进的协议MAKAP-I．改进后的MAKAP-I协议不但是可证安全的，而且无论从计算开销、通信开销、存储开销以及实现成本等方面，都比原MAKAP协议更高效、更实用．

cryptanalysis of the end-to-end security protocol for mobile communications with end-user identification/authentication

IEEE Computer Society

security analysis of two password authentication schemes

National Natural Science Foundation of China; Dalian University of Technology

an analysis for understanding software security requirement methodologies

IEEE Reliabil Soc, Shanghai Jiao Tong Univ

Novel information sharing syntax for data sharing between police and community partners, using role-based security.

The exchange of information between the police and community partners forms a central aspect of effective community service provision. In the context of policing, a robust and timely communications mechanism is required between police agencies and community partner domains, including: Primary healthcare (such as a Family Physician or a General Practitioner); Secondary healthcare (such as hospitals); Social Services; Education; and Fire and Rescue services. Investigations into high-profile cases such as the Victoria Climbié murder in 2000, the murders of Holly Wells and Jessica Chapman in 2002, and, more recently, the death of baby Peter Connelly through child abuse in 2007, highlight the requirement for a robust information-sharing framework. This paper presents a novel syntax that supports information-sharing requests, within strict data-sharing policy definitions. Such requests may form the basis for any information-sharing agreement that can exist between the police and their community partners. It defines a role-based architecture, with partner domains, with a syntax for the effective and efficient information sharing, using SPoC (Single Point-of-Contact) agents to control in-formation exchange. The application of policy definitions using rules within these SPoCs is inspired by network firewall rules and thus define information exchange permissions. These rules can be imple-mented by software filtering agents that act as information gateways between partner domains. Roles are exposed from each domain to give the rights to exchange information as defined within the policy definition. This work involves collaboration with the Scottish Police, as part of the Scottish Institute for Policing Research (SIPR), and aims to improve the safety of individuals by reducing risks to the community using enhanced information-sharing mechanisms.

The Organization for Security and Co-operation in Europe and European Security Law

Odello, Marco, The Organization for Security and Co-operation in Europe and European Security Law, In: European Security Law, Oxford University Press, pp. 295-328, 2007. RAE2008