500 resultados para Authenticated Encryption
Resumo:
Peer reviewed
Resumo:
It has been observed that Viking Age gold finds in Scandinavia and Britain are frequently associated with watery environments and may represent ritual or votive depositions. There is also evidence, literary and archaeological, for the ritual deposition of some silver hoards in the Viking world. This paper considers the evidence of those Viking Age gold and silver hoards and single finds from Ireland that derive from watery locations, including crannogs and their environs. It is noted that all recorded gold hoards, with one exception, have an apparent association with water or watery places and thus conform to the patterns noted elsewhere. Most of the crannog finds, which are invariably of silver, are from the midland region, and it is noted that a high proportion of them contain ingots and hack-silver and are thus most probably economic rather than ritual in function. It is suggested that these types of hoards evidence a close economic relationship between the Hiberno-Scandinavians of Dublin and the Southern Uí Néill rulers of this area. Some of the remaining silver hoards—from bogs, rivers, lakes, small islands and shorelines—which vary in terms of their contents, with both complete ornaments and hack-silver being represented, may have been ritually deposited, but this is difficult to establish with any degree of certainty. A general discussion of ritual hoarding is presented, and it is concluded that this practice may have been more commonplace than has generally been accepted to date and that some, at least, of the ‘watery’ finds from Ireland were indeed deposited in a ritual context.
Resumo:
The results of O'Kelly’s excavations on Beginish Island are reassessed and it is proposed that there was a long-lived settlement there that functioned as a Viking-age maritime way-station. This re-evaluation is conducted in the light of recent scholarship on the nature of Scandinavian and Hiberno-Scandinavian settlement in Ireland and, in part, is based on the finds that have emerged on Beginish since the conclusion of the excavations there. The site is considered in the context of its location on the sea route that joined Hiberno-Scandinavian Cork with Limerick, and it is suggested that other such way-stations await.
Resumo:
Secure Access For Everyone (SAFE), is an integrated system for managing trust
using a logic-based declarative language. Logical trust systems authorize each
request by constructing a proof from a context---a set of authenticated logic
statements representing credentials and policies issued by various principals
in a networked system. A key barrier to practical use of logical trust systems
is the problem of managing proof contexts: identifying, validating, and
assembling the credentials and policies that are relevant to each trust
decision.
SAFE addresses this challenge by (i) proposing a distributed authenticated data
repository for storing the credentials and policies; (ii) introducing a
programmable credential discovery and assembly layer that generates the
appropriate tailored context for a given request. The authenticated data
repository is built upon a scalable key-value store with its contents named by
secure identifiers and certified by the issuing principal. The SAFE language
provides scripting primitives to generate and organize logic sets representing
credentials and policies, materialize the logic sets as certificates, and link
them to reflect delegation patterns in the application. The authorizer fetches
the logic sets on demand, then validates and caches them locally for further
use. Upon each request, the authorizer constructs the tailored proof context
and provides it to the SAFE inference for certified validation.
Delegation-driven credential linking with certified data distribution provides
flexible and dynamic policy control enabling security and trust infrastructure
to be agile, while addressing the perennial problems related to today's
certificate infrastructure: automated credential discovery, scalable
revocation, and issuing credentials without relying on centralized authority.
We envision SAFE as a new foundation for building secure network systems. We
used SAFE to build secure services based on case studies drawn from practice:
(i) a secure name service resolver similar to DNS that resolves a name across
multi-domain federated systems; (ii) a secure proxy shim to delegate access
control decisions in a key-value store; (iii) an authorization module for a
networked infrastructure-as-a-service system with a federated trust structure
(NSF GENI initiative); and (iv) a secure cooperative data analytics service
that adheres to individual secrecy constraints while disclosing the data. We
present empirical evaluation based on these case studies and demonstrate that
SAFE supports a wide range of applications with low overhead.
Resumo:
Background: Rates of self-harm are high and have recently increased. This trend and the repetitive nature of self-harm pose a significant challenge to mental health services. Aims: To determine the efficacy of a structured group problem-solving skills training (PST) programme as an intervention approach for self-harm in addition to treatment as usual (TAU) as offered by mental health services. Method: A total of 433 participants (aged 18-64 years) were randomly assigned to TAU plus PST or TAU alone. Assessments were carried out at baseline and at 6-week and 6-month follow-up and repeated hospital-treated self-harm was ascertained at 12-month follow-up. Results: The treatment groups did not differ in rates of repeated self-harm at 6-week, 6-month and 12-month follow-up. Both treatment groups showed significant improvements in psychological and social functioning at follow-up. Only one measure (needing and receiving practical help from those closest to them) showed a positive treatment effect at 6-week (P = 0.004) and 6-month (P = 0.01) follow-up. Repetition was not associated with waiting time in the PST group. Conclusions: This brief intervention for self-harm is no more effective than treatment as usual. Further work is required to establish whether a modified, more intensive programme delivered sooner after the index episode would be effective.
Resumo:
Encryption and integrity trees guard against phys- ical attacks, but harm performance. Prior academic work has speculated around the latency of integrity verification, but has done so in an insecure manner. No industrial implementations of secure processors have included speculation. This work presents PoisonIvy, a mechanism which speculatively uses data before its integrity has been verified while preserving security and closing address-based side-channels. PoisonIvy reduces per- formance overheads from 40% to 20% for memory intensive workloads and down to 1.8%, on average.
Resumo:
The fast developing international trade of products based on traditional knowledge and their value chains has become an important aspect of the ethnopharmacological debate. The structure and diversity of value chains and their impact on the phytochemical composition of herbal medicinal products has been overlooked in the debate about quality problems in transnational trade. Different government policies and regulations governing trade in herbal medicinal products impact on such value chains. Medicinal Rhodiola species, including Rhodiola rosea L. and Rhodiola crenulata (Hook.f. & Thomson) H.Ohba, have been used widely in Europe and Asia as traditional herbal medicines with numerous claims for their therapeutic effects. Faced with resource depletion and environment destruction, R. rosea and R. crenulata are becoming endangered, making them more economically valuable to collectors and middlemen, and also increasing the risk of adulteration and low quality. We compare the phytochemical differences among Rhodiola raw materials available on the market to provide a practical method for Rhodiola authentication and the detection of potential adulterant compounds. Samples were collected from Europe and Asia and nuclear magnetic resonance spectroscopy coupled with multivariate analysis software and high performance thin layer chromatography techniques were used to analyse the samples. A method was developed to quantify the amount of adulterant species contained within mixtures. We compared the phytochemical composition of collected Rhodiola samples to authenticated samples. Rosavin and rosarin were mainly present in R. rosea whereas crenulatin was only present in R. crenulata. 30% of the Rhodiola samples purchased from the Chinese market were adulterated by other Rhodiola spp. Moreover, 7 % of the raw-material samples were not labelled satifactorily. The utilisation of both 1H-NMR and HPTLC methods provided an integrated analysis of the phytochemical differences and novel identification method for R. rosea and R. crenulata. Using 1H-NMR spectroscopy it was possible to quantify the presence of R. crenulata in admixtures with R. rosea. This quantitative technique could be used in the future to assess a variety of herbal drugs and products. This project also highlights the need to further study the links between producers and consumers in national and trans-national trade.
Resumo:
Cloud storage has rapidly become a cornerstone of many businesses and has moved from an early adopters stage to an early majority, where we typically see explosive deployments. As companies rush to join the cloud revolution, it has become vital to create the necessary tools that will effectively protect users' data from unauthorized access. Nevertheless, sharing data between multiple users' under the same domain in a secure and efficient way is not trivial. In this paper, we propose Sharing in the Rain – a protocol that allows cloud users' to securely share their data based on predefined policies. The proposed protocol is based on Attribute-Based Encryption (ABE) and allows users' to encrypt data based on certain policies and attributes. Moreover, we use a Key-Policy Attribute-Based technique through which access revocation is optimized. More precisely, we show how to securely and efficiently remove access to a file, for a certain user that is misbehaving or is no longer part of a user group, without having to decrypt and re-encrypt the original data with a new key or a new policy.
Resumo:
Physical location of data in cloud storage is a problem that gains a lot of attention not only from the actual cloud providers but also from the end users' who lately raise many concerns regarding the privacy of their data. It is a common practice that cloud service providers create replicate users' data across multiple physical locations. However, moving data in different countries means that basically the access rights are transferred based on the local laws of the corresponding country. In other words, when a cloud service provider stores users' data in a different country then the transferred data is subject to the data protection laws of the country where the servers are located. In this paper, we propose LocLess, a protocol which is based on a symmetric searchable encryption scheme for protecting users' data from unauthorized access even if the data is transferred to different locations. The idea behind LocLess is that "Once data is placed on the cloud in an unencrypted form or encrypted with a key that is known to the cloud service provider, data privacy becomes an illusion". Hence, the proposed solution is solely based on encrypting data with a key that is only known to the data owner.
Resumo:
This paper aims at identifying and describing the current major pragmatic issues of legal translation in the context of the EU. There some facts that provide legal translation in this context with unique features, such as the binding nature of EU law for the 28 Member States and the authenticated versions of the normative acts adopted by the EU institutions. These features have led to several authors talking about a new type of legal translation that should be approached and studied independently. We aim at identifying the reasons for this as well as describing the major translation strategies and theoretical approaches that the authors have proposed in order to help EU translators and lawyerlinguists overcome the translation problems arising from divergences of legal systems and legal traditions within the Member States.
Resumo:
Executive summary
Digital systems have transformed, and will continue to transform, our world. Supportive government policy, a strong research base and a history of industrial success make the UK particularly well-placed to realise the benefits of the emerging digital society. These benefits have already been substantial, but they remain at risk. Protecting the benefits and minimising the risks requires reliable and robust cybersecurity, underpinned by a strong research and translation system.
Trust is essential for growing and maintaining participation in the digital society. Organisations earn trust by acting in a trustworthy manner: building systems that are reliable and secure, treating people, their privacy and their data with respect, and providing credible and comprehensible information to help people understand how secure they are.
Resilience, the ability to function, adapt, grow, learn and transform under stress or in the face of shocks, will help organisations deliver systems that are reliable and secure. Resilient organisations can better protect their customers, provide more useful products and services, and earn people’s trust.
Research and innovation in industry and academia will continue to make important contributions to creating this resilient and trusted digital environment. Research can illuminate how best to build, assess and improve digital systems, integrating insights from different disciplines, sectors and around the globe. It can also generate advances to help cybersecurity keep up with the continued evolution of cyber risks.
Translation of innovative ideas and approaches from research will create a strong supply of reliable, proven solutions to difficult to predict cybersecurity risks. This is best achieved by maximising the diversity and number of innovations that see the light of day as products.
Policy, practice and research will all need to adapt. The recommendations made in this report seek to set up a trustworthy, self-improving and resilient digital environment that can thrive in the face of unanticipated threats, and earn the trust people place in it.
Innovation and research will be particularly important to the UK’s economy as it establishes a new relationship with the EU. Cybersecurity delivers important economic benefits, both by underpinning the digital foundations of UK business and trade and also through innovation that feeds directly into growth. The findings of this report will be relevant regardless of how the UK’s relationship to the EU changes.
Headline recommendations
● Trust: Governments must commit to preserving the robustness of encryption, including end-to-end encryption, and promoting its widespread use. Encryption is a foundational security technology that is needed to build user trust, improve security standards and fully realise the benefits of digital systems.
● Resilience: Government should commission an independent review of the UK’s future cybersecurity needs, focused on the institutional structures needed to support resilient and trustworthy digital systems in the medium and longer term. A self-improving, resilient digital environment will need to be guided and governed by institutions that are transparent, expert and have a clear and widely-understood remit.
● Research: A step change in cybersecurity research and practice should be pursued; it will require a new approach to research, focused on identifying ambitious high-level goals and enabling excellent researchers to pursue those ambitions. This would build on the UK's existing strengths in many aspects of cybersecurity research and ultimately help build a resilient and trusted digital sector based on excellent research and world-class expertise.
● Translation: The UK should promote a free and unencumbered flow of cybersecurity ideas from research to practical use and support approaches that have public benefits beyond their short term financial return. The unanticipated nature of future cyber threats means that a diverse set of cybersecurity ideas and approaches will be needed to build resilience and adaptivity. Many of the most valuable ideas will have broad security benefits for the public, beyond any direct financial returns.
Resumo:
As the development of a viable quantum computer nears, existing widely used public-key cryptosystems, such as RSA, will no longer be secure. Thus, significant effort is being invested into post-quantum cryptography (PQC). Lattice-based cryptography (LBC) is one such promising area of PQC, which offers versatile, efficient, and high performance security services. However, the vulnerabilities of these implementations against side-channel attacks (SCA) remain significantly understudied. Most, if not all, lattice-based cryptosystems require noise samples generated from a discrete Gaussian distribution, and a successful timing analysis attack can render the whole cryptosystem broken, making the discrete Gaussian sampler the most vulnerable module to SCA. This research proposes countermeasures against timing information leakage with FPGA-based designs of the CDT-based discrete Gaussian samplers with constant response time, targeting encryption and signature scheme parameters. The proposed designs are compared against the state-of-the-art and are shown to significantly outperform existing implementations. For encryption, the proposed sampler is 9x faster in comparison to the only other existing time-independent CDT sampler design. For signatures, the first time-independent CDT sampler in hardware is proposed.
Resumo:
This project is aimed at making comparison between current existing Internet- of-Things (IoT) platforms, SensibleThings (ST) and Global Sensors Networks (GSN). Project can be served as a further work of platforms’ investigation. Comparing and learning from each other aim to contribute to the improvement of future platforms development. Detailed comparison is mainly with the respect of platform feature, communication and data present-frequency performance under stress, and platform node scalability performance on one limited device. Study is conducted through developing applications on each platform, and making measuring performance under the same condition in household network environment. So far, all these respects have had results and been concluded. Qualitatively comparing, GSN performs better in the facets of node’s swift development and deployment, data management, node subscription and connection retry mechanism. Whereas, ST is superior in respects of network package encryption, platform reliability, session initializing latency, and degree of developing freedom. In quantitative comparison, nodes on GSN has better data push pressure resistence while ST nodes works with lower session latency. In terms of data present-frequency, ST node can reach higher updating frequency than GSN node. In the aspect of node sclability on one limited device, ST nodes take the advantage in averagely lower latency than GSN node when nodes number is less than 15 on limited device. But due to sharing mechanism of GSN, on one limited device, it's nodes shows more scalable if platform nodes have similar job.
Resumo:
Contemporary integrated circuits are designed and manufactured in a globalized environment leading to concerns of piracy, overproduction and counterfeiting. One class of techniques to combat these threats is circuit obfuscation which seeks to modify the gate-level (or structural) description of a circuit without affecting its functionality in order to increase the complexity and cost of reverse engineering. Most of the existing circuit obfuscation methods are based on the insertion of additional logic (called “key gates”) or camouflaging existing gates in order to make it difficult for a malicious user to get the complete layout information without extensive computations to determine key-gate values. However, when the netlist or the circuit layout, although camouflaged, is available to the attacker, he/she can use advanced logic analysis and circuit simulation tools and Boolean SAT solvers to reveal the unknown gate-level information without exhaustively trying all the input vectors, thus bringing down the complexity of reverse engineering. To counter this problem, some ‘provably secure’ logic encryption algorithms that emphasize methodical selection of camouflaged gates have been proposed previously in literature [1,2,3]. The contribution of this paper is the creation and simulation of a new layout obfuscation method that uses don't care conditions. We also present proof-of-concept of a new functional or logic obfuscation technique that not only conceals, but modifies the circuit functionality in addition to the gate-level description, and can be implemented automatically during the design process. Our layout obfuscation technique utilizes don’t care conditions (namely, Observability and Satisfiability Don’t Cares) inherent in the circuit to camouflage selected gates and modify sub-circuit functionality while meeting the overall circuit specification. Here, camouflaging or obfuscating a gate means replacing the candidate gate by a 4X1 Multiplexer which can be configured to perform all possible 2-input/ 1-output functions as proposed by Bao et al. [4]. It is important to emphasize that our approach not only obfuscates but alters sub-circuit level functionality in an attempt to make IP piracy difficult. The choice of gates to obfuscate determines the effort required to reverse engineer or brute force the design. As such, we propose a method of camouflaged gate selection based on the intersection of output logic cones. By choosing these candidate gates methodically, the complexity of reverse engineering can be made exponential, thus making it computationally very expensive to determine the true circuit functionality. We propose several heuristic algorithms to maximize the RE complexity based on don’t care based obfuscation and methodical gate selection. Thus, the goal of protecting the design IP from malicious end-users is achieved. It also makes it significantly harder for rogue elements in the supply chain to use, copy or replicate the same design with a different logic. We analyze the reverse engineering complexity by applying our obfuscation algorithm on ISCAS-85 benchmarks. Our experimental results indicate that significant reverse engineering complexity can be achieved at minimal design overhead (average area overhead for the proposed layout obfuscation methods is 5.51% and average delay overhead is about 7.732%). We discuss the strengths and limitations of our approach and suggest directions that may lead to improved logic encryption algorithms in the future. References: [1] R. Chakraborty and S. Bhunia, “HARPOON: An Obfuscation-Based SoC Design Methodology for Hardware Protection,” IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 28, no. 10, pp. 1493–1502, 2009. [2] J. A. Roy, F. Koushanfar, and I. L. Markov, “EPIC: Ending Piracy of Integrated Circuits,” in 2008 Design, Automation and Test in Europe, 2008, pp. 1069–1074. [3] J. Rajendran, M. Sam, O. Sinanoglu, and R. Karri, “Security Analysis of Integrated Circuit Camouflaging,” ACM Conference on Computer Communications and Security, 2013. [4] Bao Liu, Wang, B., "Embedded reconfigurable logic for ASIC design obfuscation against supply chain attacks,"Design, Automation and Test in Europe Conference and Exhibition (DATE), 2014 , vol., no., pp.1,6, 24-28 March 2014.
Resumo:
Imagine being told that your wage was going to be cut in half. Well, that’s what’s soon going to happen to those who make money from Bitcoin mining, the process of earning the online currency Bitcoin. The current expected date for this change is 11 July 2016. Many see this as the day when Bitcoin prices will rocket and when Bitcoin owners could make a great deal of money. Others see it as the start of a Bitcoin crash. At present no one quite knows which way it will go. Bitcoin was created in 2009 by someone known as Satoshi Nakamoto, borrowing from a whole lot of research methods. It is a cryptocurrency, meaning it uses digital encryption techniques to create bitcoins and secure financial transactions. It doesn’t need a central government or organisation to regulate it, nor a broker to manage payments. Conventional currencies usually have a central bank that creates money and controls its supply. Bitcoin is instead created when individuals “mine” for it by using their computers to perform complex calculations through special software. The algorithm behind Bitcoin is designed to limit the number of bitcoins that can ever be created. All Bitcoin transactions are recorded on a public database known as a blockchain. Every time someone mines for Bitcoin, it is recorded with a new block that is transmitted to every Bitcoin app across the network, like a bank updating its online records.
