Use of Novel Algorithms MAJE4 and MACJER-320 for Achieving Confidentiality and Message Authentication in SSL & TLS

Extensive use of the Internet coupled with the marvelous growth in e-commerce and m-commerce has created a huge demand for information security. The Secure Socket Layer (SSL) protocol is the most widely used security protocol in the Internet which meets this demand. It provides protection against eaves droppings, tampering and forgery. The cryptographic algorithms RC4 and HMAC have been in use for achieving security services like confidentiality and authentication in the SSL. But recent attacks against RC4 and HMAC have raised questions in the confidence on these algorithms. Hence two novel cryptographic algorithms MAJE4 and MACJER-320 have been proposed as substitutes for them. The focus of this work is to demonstrate the performance of these new algorithms and suggest them as dependable alternatives to satisfy the need of security services in SSL. The performance evaluation has been done by using practical implementation method.

Use of Novel Algorithms MAJE4 and MACJER-320 for Achieving Confidentiality and Message Authentication in SSL & TLS.

Extensive use of the Internet coupled with the marvelous growth in e-commerce and m-commerce has created a huge demand for information security. The Secure Socket Layer (SSL) protocol is the most widely used security protocol in the Internet which meets this demand. It provides protection against eaves droppings, tampering and forgery. The cryptographic algorithms RC4 and HMAC have been in use for achieving security services like confidentiality and authentication in the SSL. But recent attacks against RC4 and HMAC have raised questions in the confidence on these algorithms. Hence two novel cryptographic algorithms MAJE4 and MACJER-320 have been proposed as substitutes for them. The focus of this work is to demonstrate the performance of these new algorithms and suggest them as dependable alternatives to satisfy the need of security services in SSL. The performance evaluation has been done by using practical implementation method.

Comunicazioni sicure su canali eterogenei: un'analisi sistematica di SSL da Java a Jolie

All’interno di questa tesi è stata affrontata la tematica della realizzazione di comuni- cazioni sicure, in modo da ottenere l'indipendenza di queste ultime dal canale utilizzato, con l'ausilio di strumenti in grado di fornire supporto per la creazione di applicativi orientati allo scambio di dati e messaggi, quali i linguaggi di programmazione Java e Jolie, il quale è basato sul precedente. Sono state inizialmente analizzate le principali caratteristiche e le problematiche più importanti che è necessario dover risolvere in modo da poter arrivare al risultato desiderato. Successivamente, è stato dato un ampio sguardo ad una delle scienze più applicate per risolvere i problemi tipici che affliggono questo tipo di comunicazioni, la crittografia. Sono stati elencati gli strumenti messi a disposizione ed il loro funzionamento. La crittografia viene poi applicata al protocollo SSL, il quale rappresenta la soluzione maggiormente diffusa, sia sul Web che in altri ambiti, per proteggere le informazioni personali che transitano tra gli end-point di una comunicazione. Sono state elencate le principali caratteristiche, alcuni cenni riguardanti la nascita e lo sviluppo ed è stato descritto il funzionamento di questo protocollo, soprattutto per quanto riguarda la sua fase preliminare, che è una delle parti che lo caratterizzano maggiormente. In seguito, è stata analizzata la soluzione fornita all’interno delle librerie del linguaggio Java per realizzare comunicazioni indipendenti dal mezzo di comunicazione che soddisfino le politiche dettate dal protocollo SSL. Questa soluzione è rappresentata dalla classe SSLEngine, che è quindi stata esaminata, a partire dal ciclo di vita e dall'inizializzazione, fino ad arrivare all'interazione all'interno di un applicazione. Quanto esplorato in precedenza viene poi applicato a Jolie, un linguaggio di programmazione basato sulle comunicazioni e sviluppato in Java, all'interno dell'Università di Bologna. Dopo uno sguardo generale alle sue caratteristiche è stata approfondita la gestione dei protocolli, e di conseguenza, l'introduzione di SSL all'interno di essi, realizzata tramite la classe SSLProtocol. Questa classe contiene ed implementa i concetti analizzati nel capitolo riguardante Java, adattandoli all'architettura ed alla progettazione pensata appositamente per Jolie; è stata quindi effettuata un'analisi del codice e della gestione della classe SSLEngine per realizzare comunicazioni sicure. Infine, per verificare l’effettivo funzionamento, sono stati creati due semplici casi d’uso per poter sfruttare i vantaggi offerti da Jolie, il quale è particolarmente indicato per la creazione di applicazioni orientate ai servizi.

Clinical Influence Of Different Intracanal Medications On Th1-type And Th2-type Cytokine Responses In Apical Periodontitis.

This clinical study assessed the influence of different intracanal medications on Th1-type and Th2-type cytokine responses in apical periodontitis and monitored the levels of bacteria from primarily infection during endodontic procedures. Thirty primarily infected teeth were randomly divided into 3 groups according to the medication selected: chlorhexidine (CHX), 2% CHX gel; Ca(OH)2/SSL, Ca(OH)2 + SSL; and Ca(OH)2/CHX, Ca(OH)2 + 2% CHX gel (all, n = 10). Bacterial sample was collected from root canals, and the interstitial fluid was sampled from lesions. Culture techniques were used to determine bacterial counts (colony-forming units/mL). Th1 (tumor necrosis factor-α, interferon-γ, and interleukin [IL]-2) and Th2 cytokines (IL-4, IL-5, and IL-13) were measured by enzyme-linked immunosorbent assay. All intracanal medication protocols were effective in reducing the bacterial load from root canals (all P < .05) and lowering the levels of Th1-type cytokines in apical lesions (all P < .05), with no differences between them (P > .05). Both Ca(OH)2 treatment protocols significantly increased the levels of Th2-type cytokines (P < .05), with no differences between them (P > .05). Thus, chlorhexidine medication showed the lowest effectiveness in increasing the levels of Th2-type cytokine. After treatment, regardless of the type of medication, the linear regression analysis indicated the down-regulation of Th2-type cytokines by Th1-type cytokines. All intracanal medication protocols were effective in reducing bacterial load and lowering the levels of Th1-type cytokines. Thus, the use of Ca(OH)2 medications contributed to the increase in the Th2-type cytokine response in apical periodontitis.

Upconversion in Nd(3+)-doped glasses: Microscopic theory and spectroscopic measurements

In this work, we report a systematic investigation of upconversion losses and their effects on fluorescence quantum efficiency and fractional thermal loading in Nd(3+)-doped fluoride glasses. The energy transfer upconversion (gamma(up)) parameter, which describes upconversion losses, was experimentally determined using different methods: thermal lens (TL) technique and steady state luminescence (SSL) measurements. Additionally, the upconversion parameter was also obtained from energy transfer models and excited state absorption measurements. The results reveal that the microscopic treatment provided by the energy transfer models is similar to the macroscopic ones achieved from the TL and SSL measurements because similar gamma(up) parameters were obtained. Besides, the achieved results also point out the migration-assisted energy transfer according to diffusion-limited regime rather than hopping regime as responsible for the upconversion losses in Nd-doped glasses. (c) 2008 American Institute of Physics.

Chronic Stress Is Associated with High Cortisol Levels and Emotional Coping Mechanisms in Amnestic Mild Cognitive Impairment

Background/Aims: To investigate the association between cortisol levels, chronic stress and coping in subjects with amnestic-type mild cognitive impairment (aMCI). Methods: Cortisol levels were measured using morning saliva samples from 33 individuals with aMCI and from 41 healthy elderly. Chronic stress was evaluated with the Stress Symptoms List (SSL), whereas coping strategies were assessed using the Jalowiec Coping Scale. Results: aMCI subjects with high SSL scores presented higher cortisol levels (p = 0.045). Furthermore, aMCI subjects who employed emotion-focused coping had higher SSL scores (p = 0.023). Conclusion: The association between increased cortisol secretion, chronic stress and coping strategies may be modulated by the presence or absence of cognitive impairment, where memory deficit awareness constitutes an additional potential factor involved in high stress severity. Copyright (C) 2009 S. Karger AG, Basel

Fermentation kinetics for xylitol production by a Pichia stipitis D-Xylulokinase mutant previously grown in spent sulfite liquor

Spent sulfite pulping liquor (SSL) contains lignin, which is present as lignosulfonate, and hemicelluloses that are present as hydrolyzed carbohydrates. To reduce the biological oxygen demand of SSL associated with dissolved sugars, we studied the capacity of Pichia stipitis FPL-YS30 (xyl3 Delta) to convert these sugars into useful products. FPL-YS30 produces a negligible amount of ethanol while converting xylose into xylitol. This work describes the xylose fermentation kinetics of yeast strain P.stipitis FPL-YS30. Yeast was grown in rich medium supplemented with different carbon sources: glucose, xylose, or ammonia-base SSL. The SSL and glucose-acclimatized cells showed similar maximum specific growth rates (0.146 h(-1)). The highest xylose consumption at the beginning of the fermentation process occurred using cells precultivated in xylose, which showed relatively high specific activity of glucose-6-phosphate dehydrogenase (EC 1.1.1.49). However, the maximum specific rates of xylose consumption (0.19 g(xylose)/g(cel) h) and xylitol production (0.059 g(xylitol)/g(cel) h) were obtained with cells acclimatized in glucose, in which the ratio between xylose reductase (EC 1.1.1.21) and xylitol dehydrogenase (EC 1.1.1.9) was kept at higher level (0.82). In this case, xylitol production (31.6 g/l) was 19 and 8% higher than in SSL and xylose-acclimatized cells, respectively. Maximum glycerol (6.26 g/l) and arabitol (0.206 g/l) production were obtained using SSL and xylose-acclimatized cells, respectively. The medium composition used for the yeast precultivation directly reflected their xylose fermentation performance. The SSL could be used as a carbon source for cell production. However, the inoculum condition to obtain a high cell concentration in SSL needs to be optimized.

Using Reverberation to Improve Range and Elevation Discrimination for Small Array Sound Source Localization

Sound source localization (SSL) is an essential task in many applications involving speech capture and enhancement. As such, speaker localization with microphone arrays has received significant research attention. Nevertheless, existing SSL algorithms for small arrays still have two significant limitations: lack of range resolution, and accuracy degradation with increasing reverberation. The latter is natural and expected, given that strong reflections can have amplitudes similar to that of the direct signal, but different directions of arrival. Therefore, correctly modeling the room and compensating for the reflections should reduce the degradation due to reverberation. In this paper, we show a stronger result. If modeled correctly, early reflections can be used to provide more information about the source location than would have been available in an anechoic scenario. The modeling not only compensates for the reverberation, but also significantly increases resolution for range and elevation. Thus, we show that under certain conditions and limitations, reverberation can be used to improve SSL performance. Prior attempts to compensate for reverberation tried to model the room impulse response (RIR). However, RIRs change quickly with speaker position, and are nearly impossible to track accurately. Instead, we build a 3-D model of the room, which we use to predict early reflections, which are then incorporated into the SSL estimation. Simulation results with real and synthetic data show that even a simplistic room model is sufficient to produce significant improvements in range and elevation estimation, tasks which would be very difficult when relying only on direct path signal components.

Infância Institucionalizada: Narrativas das crianças sobre o antes, o durante e o pós alta hospitalar

Dissertação apresentada à Escola Superior de Educação de Lisboa para a obtenção do grau de Mestre em Ciências da Educação, especialização em Educação Social e Intervenção Comunitária

Estudo de vulnerabilidades em aplicações web e o seu reflexo em domínios Portugueses

Muito se tem falado sobre revolução tecnológica e do aparecimento constante de novas aplicações Web, com novas funcionalidades que visam facilitar o trabalho dos utilizadores. Mas será que estas aplicações garantem que os dados transmitidos são tratados e enviados por canais seguros (protocolos)? Que garantias é que o utilizador tem que mesmo que a aplicação utilize um canal, que prevê a privacidade e integridade de dados, esta não apresente alguma vulnerabilidade pondo em causa a informação sensível do utilizador? Software que não foi devidamente testado, aliado à falta de sensibilização por parte dos responsáveis pelo desenvolvimento de software para questões de segurança, levam ao aumento de vulnerabilidades e assim exponenciam o número de potenciais vítimas. Isto aliado ao efeito de desinibição que o sentimento de invisibilidade pode provocar, conduz ao facilitismo e consequentemente ao aumento do número de vítimas alvos de ataques informáticos. O utilizador, por vezes, não sabe muito bem do que se deve proteger, pois a confiança que depõem no software não pressupõem que os seus dados estejam em risco. Neste contexto foram recolhidos dados históricos relativos a vulnerabilidades nos protocolos SSL/TLS, para perceber o impacto que as mesmas apresentam e avaliar o grau de risco. Para além disso, foram avaliados um número significativo de domínios portugueses para perceber se os mesmos têm uma vulnerabilidade específica do protocolo SSL/TLS.

A layer 2 multipath fabric using a centralized controller

Dissertação para obtenção do Grau de Mestre em Engenharia Electrotécnica e de Computadores

Using an LED as a sensor and visible light communication device in a smart illumination system

The need for more efficient illumination systems has led to the proliferation of Solid-State Lighting (SSL) systems, which offer optimized power consumption. SSL systems are comprised of LED devices which are intrinsically fast devices and permit very fast light modulation. This, along with the congestion of the radio frequency spectrum has paved the path for the emergence of Visible Light Communication (VLC) systems. VLC uses free space to convey information by using light modulation. Notwithstanding, as VLC systems proliferate and cost competitiveness ensues, there are two important aspects to be considered. State-of-the-art VLC implementations use power demanding PAs, and thus it is important to investigate if regular, existent Switched-Mode Power Supply (SMPS) circuits can be adapted for VLC use. A 28 W buck regulator was implemented using a off-the-shelf LED Driver integrated circuit, using both series and parallel dimming techniques. Results show that optical clock frequencies up to 500 kHz are achievable without any major modification besides adequate component sizing. The use of an LED as a sensor was investigated, in a short-range, low-data-rate perspective. Results show successful communication in an LED-to-LED configuration, with enhanced range when using LED strings as sensors. Besides, LEDs present spectral selective sensitivity, which makes them good contenders for a multi-colour LED-to-LED system, such as in the use of RGB displays and lamps. Ultimately, the present work shows evidence that LEDs can be used as a dual-purpose device, enabling not only illumination, but also bi-directional data communication.

Disseny i implementació d¿una plataforma per a la recollida i signatura d'iniciatives legislatives populars

Aquest projecte implementa una plataforma web per a la creació i signatura digital d'iniciatives legislatives populars. La solució es basa en la implementació d'un sistema d'autenticació mitjançant SSL i certificats digitals.

Plataforma d'exàmens en xarxa

La finalitat del projecte és la de desenvolupar una plataforma que porti a terme tot el procés de realització d'un examen, des de la part de creació fins a l'obtenció de les notes. És una eina multiplataforma i s'ha considerat com un punt molt important l'aspecte de la seguretat. Les principals tecnologies que intervenen en el projecte són per una banda Java per la realització de les aplicacions de la plataforma, XML com a eina per treballar amb les dades dels exàmens, alumnes, resultats i respostes obtingudes, XSLT i XSL-FO per realitzar les transformacions, Java Web Start per desplegar l'examen i SSL per controlar la seguretat.

Palveluntoimittajien etäkäyttöyhteydet

Tässä insinöörityössä tutkittiin kolmannen osapuolen etäkäyttöyhteyksien toteuttamismahdollisuuksia. Työ tehtiin Fingrid Oyj:lle, joka vastaa Suomen päävoimansiirtoverkosta. Työn ensimmäisessä vaiheessa opiskeltiin yksityisten virtuaaliverkkojen teoriaa. Virtuaaliverkkotekniikoiden käyttömahdollisuudet opiskeltiin käytännön kokemuksen kautta. Tämän jälkeen työssä selvitettiin SSL VPN -tekniikan teoriaa ja sen todellista toimintaa. Lisäksi tutkittiin kolmannen osapuolen yhteyksien heikkouksia ja vahvuuksia. Tämä työ mahdollisti myös tutustumisen tietoturvastandardeihin ja käytännön SSL VPN -toteutukseen. Työn tuloksena todettiin SSL VPN -arkkitehtuurin toiminta- ja käyttömahdollisuudet. SSL VPN todettiin tehokkaimmaksi ja joustavimmaksi tavaksi tehdä palveluntoimittajien etäkäyttöyhteydet. Lisäksi työssä on pohdittu palveluntoimittajien etäkäyttöyhteyksien ongelmien ratkaisuja. Työn ohella toteutettiin käytännön SSL VPN toteutus Fingrid Oyj:lle.