922 resultados para Key Agreement, Password Authentication, Three-party
Resumo:
Three-party password-authenticated key exchange (3PAKE) protocols allow entities to negotiate a secret session key with the aid of a trusted server with whom they share a human-memorable password. Recently, Lou and Huang proposed a simple 3PAKE protocol based on elliptic curve cryptography, which is claimed to be secure and to provide superior efficiency when compared with similar-purpose solutions. In this paper, however, we show that the solution is vulnerable to key-compromise impersonation and offline password guessing attacks from system insiders or outsiders, which indicates that the empirical approach used to evaluate the scheme's security is flawed. These results highlight the need of employing provable security approaches when designing and analyzing PAKE schemes. Copyright (c) 2011 John Wiley & Sons, Ltd.
Resumo:
The decay of orthopositronium into three photons produces a physical realization of a pure state with three-party entanglement. Its quantum correlations are analyzed using recent results on quantum information theory, looking for the final state that has the maximal amount of Greenberger, Horne, and Zeilinger like correlations. This state allows for a statistical dismissal of local realism stronger than the one obtained using any entangled state of two spin one-half particles.
Resumo:
Key agreement is a cryptographic scenario between two legitimate parties, who need to establish a common secret key over a public authenticated channel, and an eavesdropper who intercepts all their messages in order to learn the secret. We consider query complexity in which we count only the number of evaluations (queries) of a given black-box function, and classical communication channels. Ralph Merkle provided the first unclassified scheme for secure communications over insecure channels. When legitimate parties are willing to ask O(N) queries for some parameter N, any classical eavesdropper needs Omega(N^2) queries before being able to learn their secret, which is is optimal. However, a quantum eavesdropper can break this scheme in O(N) queries. Furthermore, it was conjectured that any scheme, in which legitimate parties are classical, could be broken in O(N) quantum queries. In this thesis, we introduce protocols à la Merkle that fall into two categories. When legitimate parties are restricted to use classical computers, we offer the first secure classical scheme. It requires Omega(N^{13/12}) queries of a quantum eavesdropper to learn the secret. We give another protocol having security of Omega(N^{7/6}) queries. Furthermore, for any k>= 2, we introduce a classical protocol in which legitimate parties establish a secret in O(N) queries while the optimal quantum eavesdropping strategy requires Theta(N^{1/2+k/{k+1}}) queries, approaching Theta(N^{3/2}) when k increases. When legitimate parties are provided with quantum computers, we present two quantum protocols improving on the best known scheme before this work. Furthermore, for any k>= 2, we give a quantum protocol in which legitimate parties establish a secret in O(N) queries while the optimal quantum eavesdropping strategy requires Theta(N^{1+{k}/{k+1}})} queries, approaching Theta(N^{2}) when k increases.
Resumo:
Password Authentication Protocol (PAP) is widely used in the Wireless Fidelity Point-to-Point Protocol to authenticate an identity and password for a peer. This paper uses a new knowledge-based framework to verify the PAP protocol and a fixed version. Flaws are found in both the original and the fixed versions. A new enhanced protocol is provided and the security of it is proved The whole process is implemented in a mechanical reasoning platform, Isabelle. It only takes a few seconds to find flaws in the original and the fixed protocol and to verify that the enhanced version of the PAP protocol is secure.
Resumo:
We report on a variant of the so-called Cascade protocol that is well-known for its usage as information reconciliation protocol in quantum cryptography. A theoretical analysis of the optimal size of the parity check blocks is provided. We obtain a very small leakage which is for block sizes of 2^16 typically only 2.5% above the Shannon limit, and notably, this holds for a QBER between 1% and 50%. For a QBER between 1% and 6% the leakage is only 2% above the Shannon limit. As comparison, the leakage of the original Cascade algorithm is 20% (40%) above the Shannon limit for a QBER of 10% (35%).
Resumo:
* Work is partially supported by the Lithuanian State Science and Studies Foundation.
Resumo:
* Work is partially supported by the Lithuanian State Science and Studies Foundation.
Resumo:
A Universal Serial Bus (USB) Mass Storage Device (MSD), often termed a USB flash drive, is ubiquitously used to store important information in unencrypted binary format. This low cost consumer device is incredibly popular due to its size, large storage capacity and relatively high transfer speed. However, if the device is lost or stolen an unauthorized person can easily retrieve all the information. Therefore, it is advantageous in many applications to provide security protection so that only authorized users can access the stored information. In order to provide security protection for a USB MSD, this paper proposes a session key agreement protocol after secure user authentication. The main aim of this protocol is to establish session key negotiation through which all the information retrieved, stored and transferred to the USB MSD is encrypted. This paper not only contributes an efficient protocol, but also does not suffer from the forgery attack and the password guessing attack as compared to other protocols in the literature. This paper analyses the security of the proposed protocol through a formal analysis which proves that the information is stored confidentially and is protected offering strong resilience to relevant security attacks. The computational cost and communication cost of the proposed scheme is analyzed and compared to related work to show that the proposed scheme has an improved tradeoff for computational cost, communication cost and security.
Resumo:
Objective: To assess the fetal lumbosacral spine by three-dimensional (3D) ultrasonography using volume contrast imaging (VCI) omni view method and compare reproducibility and agreement between three different measurement techniques: standard mouse, high definition mouse and pen-tablet. Methods: A comparative and prospective study with 40 pregnant women between 20 and 34+6 weeks was realized. 3D volume datasets of the fetal spine were acquired using a convex transabdominal transducer. Starting scan plane was the coronal section of fetal lumbosacral spine by VCI-C function. Omni view manual trace was selected and a parallel plane of fetal spine was drawn including interest region. Intraclass correlation coefficient (ICC) was used for reproducibility analysis. The relative difference between three used techniques was compared by chi-square test and Fischer test. Results: Pen-tablet showed better reliability (ICC = 0.987). In the relative proportion of differences, this was significantly higher for the pen-tablet (82.14%; p < 0.01). In paired comparison, the relative difference was significantly greater for the pen-tablet (p < 0.01). Conclusion: The pen-tablet showed to be the most reproductive and concordant method in the measurement of body vertebral area of fetal lumbosacral spine by 3D ultrasonography using the VCI.
Resumo:
Secret-key agreement, a well-known problem in cryptography, allows two parties holding correlated sequences to agree on a secret key communicating over a public channel. It is usually divided into three different procedures: advantage distillation, information reconciliation and privacy amplification. The efficiency of each one of these procedures is needed if a positive key rate is to be attained from the legitimate parties? correlated sequences. Quantum key distribution (QKD) allows the two parties to obtain correlated sequences, provided that they have access to an authenticated channel. The new generation of QKD devices is able to work at higher speeds and in noisier or more absorbing environments. This exposes the weaknesses of current information reconciliation protocols, a key component to their performance. Here we present a new protocol based in low-density parity-check (LDPC) codes that presents the advantages of low interactivity, rate adaptability and high efficiency,characteristics that make it highly suitable for next generation QKD devices.
Resumo:
Este artigo apresenta a experiência de implantação de um sistema de gestão em Saúde do Trabalhador implantado na Superintendencia de Controle de Endemias (SUCEN), no período de 1998 a 2002, que operava na atividade de controle químico de vetores no Estado de São Paulo. OBJETIVO: Descrever o sistema de gestão participativa, as ações desenvolvidas e os principais resultados alcançados. MÉTODO: Relato da experiência vivenciada pela equipe usando abordagem qualitativa, análise de documentos e apresentação de dados quantitativos. RESULTADOS: Foram eleitas 11 Comissões de Saúde e Trabalho (COMSAT's) que em conjunto com a equipe técnica iniciaram a identificação dos riscos e de propostas para prevenção e controle dos riscos no trabalho. O mapeamento de riscos resultou em 650 recomendações, 45,7% das quais foram executadas. Foram identificadas como doenças relacionadas ao trabalho: reações alérgicas aos pesticidas, lesões por esforços repetitivos, distúrbios auditivos e patologias de coluna vertebral. Participaram dos cursos básicos de saúde do trabalhador 1.003 servidores (76,3% do total de servidores), sendo que 90,8% dos participantes os consideraram ótimos ou bons. CONCLUSÕES: O sistema de gerenciamento participativo coloca em prática os princípios de gestão democrática do Sistema Único de Saúde (SUS); incorpora, por meio do mapeamento de riscos, o saber do trabalhador; inclui os trabalhadores como sujeitos do processo de negociação e mudanças; pratica o direito à informação. As COMSAT's revelaram-se espaços adequados para a negociação das melhorias nas condições de trabalho. A aprovação do sistema de gestão culminou na validação legal por meio de um acordo tripartite assinado em março de 2002.
Resumo:
Background: The metabolic syndrome (MS) represents a cluster of metabolic disorders that predicts diabetes and cardiovascular disease. Several definitions exist and further descriptive and prospective data are needed to compare these definitions and their significance in different populations. Objective: We examined, in a country of the African region, i) the prevalence of MS according to three major definitions (ATP, IDF, WHO); ii) the contribution of individual MS components; and iii) the agreement between the three considered definitions. We also examined the prevalence among diabetics and non-diabetics. Methods: We conducted an examination survey in a sample representative of the general population aged 25-64 of the Seychelles (Indian Ocean, African region), attended by 1255 persons (participation rate of 80.2%). Results: The prevalence of MS was similar with either definition of MS in men (24%--25%) but differed in women (WHO: 25%, ATP: 32%; IDF: 35%). Upon exclusion of diabetic persons, the prevalence was 5-10% lower for all three MS definitions: most diabetic persons had MS although a substantial proportion of diabetic men aged 45--64 did not have MS. The following components were found most often among persons with MS: 90% had high blood pressure (HBP) and 78% had obesity (ATP); 95% had obesity and 84% had HBP (WHO), and 89% had HBP and 75% had impaired glucose regulation (IDF) - not considering impaired glucose regulation and obesity that are compulsory components of the WHO and IDF definitions, respectively. Among persons with MS based on either of the three definitions (37% of total population), less than 80% met both ATP and IDF criteria, 67% both WHO and IDF criteria, 54% both WHO and ATP criteria and only 37% met all three definitions. Conclusion: We found a fairly high prevalence of MS in an African population. However, because there was only poor agreement between the 3 MS definitions, the fairly similar proportions of MS based on ATP, IDF or WHO definitions identified, to a substantial extent, different subjects as having MS.
Resumo:
Background: The metabolic syndrome (MS) represents a cluster of metabolic disorders that predicts diabetes and cardiovascular disease. Several definitions exist and further descriptive and prospective data are needed to compare these definitions and their significance in different populations. Objective: We examined, in a country of the African region, i) the prevalence of MS according to three major definitions (ATP, IDF, WHO); ii) the contribution of individual MS components; and iii) the agreement between the three considered definitions. We also examined the prevalence among diabetics and non-diabetics. Methods: We conducted an examination survey in a sample representative of the general population aged 25-64 of the Seychelles (Indian Ocean, African region), attended by 1255 persons (participation rate of 80.2%). Results: The prevalence of MS was similar with either definition of MS in men (24%-25%) but differed in women (WHO: 25%, ATP: 32%; IDF: 35%). Upon exclusion of diabetic persons, the prevalence was 5-10% lower for all three MS definitions: most diabetic persons had MS although a substantial proportion of diabetic men aged 45-64 did not have MS. The following components were found most often among persons with MS: 90% had high blood pressure (HBP) and 78% had obesity (ATP); 95% had obesity and 84% had HBP (WHO), and 89% had HBP and 75% had impaired glucose regulation (IDF) -not considering impaired glucose regulation and obesity that are compulsory components of the WHO and IDF definitions, respectively. Among persons with MS based on either of the three definitions (37% of total population), less than 80% met both ATP and IDF criteria, 67% both WHO and IDF criteria, 54% both WHO and ATP criteria and only 37% met all three definitions. Conclusions. We found a fairly high prevalence of MS in an African population. However, because there was only poor agreement between the 3 MS definitions, the fairly similar proportions of MS based on ATP, IDF or WHO definitions identified, to a substantial extent, different subjects as having MS.
Resumo:
One of the key emphases of these three essays is to provide practical managerial insight. However, good practical insight, can only be created by grounding it firmly on theoretical and empirical research. Practical experience-based understanding without theoretical grounding remains tacit and cannot be easily disseminated. Theoretical understanding without links to real life remains sterile. My studies aim to increase the understanding of how radical innovation could be generated at large established firms and how it can have an impact on business performance as most businesses pursue innovation with one prime objective: value creation. My studies focus on large established firms with sales revenue exceeding USD $ 1 billion. Usually large established firms cannot rely on informal ways of management, as these firms tend to be multinational businesses operating with subsidiaries, offices, or production facilities in more than one country. I. Internal and External Determinants of Corporate Venture Capital Investment The goal of this chapter is to focus on CVC as one of the mechanisms available for established firms to source new ideas that can be exploited. We explore the internal and external determinants under which established firms engage in CVC to source new knowledge through investment in startups. We attempt to make scholars and managers aware of the forces that influence CVC activity by providing findings and insights to facilitate the strategic management of CVC. There are research opportunities to further understand the CVC phenomenon. Why do companies engage in CVC? What motivates them to continue "playing the game" and keep their active CVC investment status. The study examines CVC investment activity, and the importance of understanding the influential factors that make a firm decide to engage in CVC. The main question is: How do established firms' CVC programs adapt to changing internal conditions and external environments. Adaptation typically involves learning from exploratory endeavors, which enable companies to transform the ways they compete (Guth & Ginsberg, 1990). Our study extends the current stream of research on CVC. It aims to contribute to the literature by providing an extensive comparison of internal and external determinants leading to CVC investment activity. To our knowledge, this is the first study to examine the influence of internal and external determinants on CVC activity throughout specific expansion and contraction periods determined by structural breaks occurring between 1985 to 2008. Our econometric analysis indicates a strong and significant positive association between CVC activity and R&D, cash flow availability and environmental financial market conditions, as well as a significant negative association between sales growth and the decision to engage into CVC. The analysis of this study reveals that CVC investment is highly volatile, as demonstrated by dramatic fluctuations in CVC investment activity over the past decades. When analyzing the overall cyclical CVC period from 1985 to 2008 the results of our study suggest that CVC activity has a pattern influenced by financial factors such as the level of R&D, free cash flow, lack of sales growth, and external conditions of the economy, with the NASDAQ price index as the most significant variable influencing CVC during this period. II. Contribution of CVC and its Interaction with R&D to Value Creation The second essay takes into account the demands of corporate executives and shareholders regarding business performance and value creation justifications for investments in innovation. Billions of dollars are invested in CVC and R&D. However there is little evidence that CVC and its interaction with R&D create value. Firms operating in dynamic business sectors seek to innovate to create the value demanded by changing market conditions, consumer preferences, and competitive offerings. Consequently, firms operating in such business sectors put a premium on finding new, sustainable and competitive value propositions. CVC and R&D can help them in this challenge. Dushnitsky and Lenox (2006) presented evidence that CVC investment is associated with value creation. However, studies have shown that the most innovative firms do not necessarily benefit from innovation. For instance Oyon (2007) indicated that between 1995 and 2005 the most innovative automotive companies did not obtain adequate rewards for shareholders. The interaction between CVC and R&D has generated much debate in the CVC literature. Some researchers see them as substitutes suggesting that firms have to choose between CVC and R&D (Hellmann, 2002), while others expect them to be complementary (Chesbrough & Tucci, 2004). This study explores the interaction that CVC and R&D have on value creation. This essay examines the impact of CVC and R&D on value creation over sixteen years across six business sectors and different geographical regions. Our findings suggest that the effect of CVC and its interaction with R&D on value creation is positive and significant. In dynamic business sectors technologies rapidly relinquish obsolete, consequently firms operating in such business sectors need to continuously develop new sources of value creation (Eisenhardt & Martin, 2000; Qualls, Olshavsky, & Michaels, 1981). We conclude that in order to impact value creation, firms operating in business sectors such as Engineering & Business Services, and Information Communication & Technology ought to consider CVC as a vital element of their innovation strategy. Moreover, regarding the CVC and R&D interaction effect, our findings suggest that R&D and CVC are complementary to value creation hence firms in certain business sectors can be better off supporting both R&D and CVC simultaneously to increase the probability of generating value creation. III. MCS and Organizational Structures for Radical Innovation Incremental innovation is necessary for continuous improvement but it does not provide a sustainable permanent source of competitiveness (Cooper, 2003). On the other hand, radical innovation pursuing new technologies and new market frontiers can generate new platforms for growth providing firms with competitive advantages and high economic margin rents (Duchesneau et al., 1979; Markides & Geroski, 2005; O'Connor & DeMartino, 2006; Utterback, 1994). Interestingly, not all companies distinguish between incremental and radical innovation, and more importantly firms that manage innovation through a one-sizefits- all process can almost guarantee a sub-optimization of certain systems and resources (Davila et al., 2006). Moreover, we conducted research on the utilization of MCS along with radical innovation and flexible organizational structures as these have been associated with firm growth (Cooper, 2003; Davila & Foster, 2005, 2007; Markides & Geroski, 2005; O'Connor & DeMartino, 2006). Davila et al. (2009) identified research opportunities for innovation management and provided a list of pending issues: How do companies manage the process of radical and incremental innovation? What are the performance measures companies use to manage radical ideas and how do they select them? The fundamental objective of this paper is to address the following research question: What are the processes, MCS, and organizational structures for generating radical innovation? Moreover, in recent years, research on innovation management has been conducted mainly at either the firm level (Birkinshaw, Hamel, & Mol, 2008a) or at the project level examining appropriate management techniques associated with high levels of uncertainty (Burgelman & Sayles, 1988; Dougherty & Heller, 1994; Jelinek & Schoonhoven, 1993; Kanter, North, Bernstein, & Williamson, 1990; Leifer et al., 2000). Therefore, we embarked on a novel process-related research framework to observe the process stages, MCS, and organizational structures that can generate radical innovation. This article is based on a case study at Alcan Engineered Products, a division of a multinational company provider of lightweight material solutions. Our observations suggest that incremental and radical innovation should be managed through different processes, MCS and organizational structures that ought to be activated and adapted contingent to the type of innovation that is being pursued (i.e. incremental or radical innovation). More importantly, we conclude that radical can be generated in a systematic way through enablers such as processes, MCS, and organizational structures. This is in line with the findings of Jelinek and Schoonhoven (1993) and Davila et al. (2006; 2007) who show that innovative firms have institutionalized mechanisms, arguing that radical innovation cannot occur in an organic environment where flexibility and consensus are the main managerial mechanisms. They rather argue that radical innovation requires a clear organizational structure and formal MCS.
Resumo:
The ability of the supplier firm to generate and utilise customer-specific knowledge has attracted increasing attention in the academic literature during the last decade. It has been argued the customer knowledge should treated as a strategic asset the same as any other intangible assets. Yet, at the same time it has been shown that the management of customer-specific knowledge is challenging in practice, and that many firms are better at acquiring customer knowledge than at making use of it. This study examines customer knowledge processing in the context of key account management in large industrial firms. This focus was chosen because key accounts are demanding and complex. It is not unusual for a single key account relationship to constitute a complex web of relationships between the supplier and the key account – thus easily leading to the dispersion of customer-specific knowledge in the supplier firm. Although the importance of customer-specific knowledge generation has been widely acknowledged in the literature, surprisingly little attention has been paid to the processes through which firms generate, disseminate and use such knowledge internally for enhancing the relationships with their major, strategically important key account customers. This thesis consists of two parts. The first part comprises a theoretical overview and draws together the main findings of the study, whereas the second part consists of five complementary empirical research papers based on survey data gathered from large industrial firms in Finland. The findings suggest that the management of customer knowledge generated about and form key accounts is a three-dimensional process consisting of acquisition, dissemination and utilization. It could be concluded from the results that customer-specific knowledge is a strategic asset because the supplier’s customer knowledge processing activities have a positive effect on supplier’s key account performance. Moreover, in examining the determinants of each phase separately the study identifies a number of intra-organisational factors that facilitate the process in supplier firms. The main contribution of the thesis lies in linking the concept of customer knowledge processing to the previous literature on key account management. Moreover, given than this literature is mainly conceptual or case-based, a further contribution is to examine its consequences and determinants based on quantitative empirical data.
