The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Trust is an important factor for successful online communication. Trust has been used as a criterion for service selection. Most trust and reputation studies assume a system where trust and reputations already exist. However, it is important to initialize trust rates for new services, which have no rating history, the so-called trust bootstrapping process. Trust bootstrapping assists the requestors...
Location coordinates provide interesting context data for various purposes. In the early days location data was mainly connected to emergency services, but nowadays several social and commercial applications can benefit from users' position information. Smartphones may reveal location data directly to application developers, but due to the latest developments any mobile can be traced using operators'...
In this paper, we show how Trusted Platform Modules (TPMs), standard security hardware devices, can be used with minor modification to efficiently support Secure Function Evaluation (SFE), a fundamental and extremely powerful cryptographic operation. Prior research by others has shown how SFE can benefit from using security hardware, but prior work has used either custom hardware tokens or powerful...
This paper presents a solution to ensure arbitrarily secure communication in a large computer network by using secret sharing and multiple parties mistrusting each other instead of relying on some “trusted party” or a “web of trust”. In contrast to other solutions that use a PKI and require asymmetric encryption, this concept can guarantee to provide secure communication even after any possible advance...
Demand for wireless communications has been growing rapidly. This popularity of wireless networks is due to many advantages compared to the wired networks. However, since wireless signals are open to anyone, the security issues with wireless networks becoming a real concern. In our previous research work, we have demonstrated a Quantum Cryptography based approach for IEEE 802.11 networks to distribute...
In this paper, we define the RC4 state and introduce its forward and backward property. Based on the RC4 state and its forward and backward property, a simple, lightweight, but robust security protocol which achieves data confidentiality, data authentication, data integrity, and data freshness with low overhead and simple operations is presented. Furthermore, an RC4 state based hash function for the...
Proof-carrying code (PCC) is a technique that addresses the problem of mobile code safety. It is a mechanism in which a code producer provides both code and a proof certifying that the code will run safely on a code consumer's machine. The code consumer or the host system will validate the proof against a safety policy before executing the source code. Foundational proof-carrying code (FPCC) aims...
Remote attestation of computing platforms, using trusted hardware, guarantees the integrity, and by this the trustworthiness of a host to remote parties. While classical binary attestation attests the configuration itself, property-based attestation (PBA) attests properties and thus offers higher privacy guarantees to the host and its user. Nonetheless, both techniques are free from any user authentication...
While DES has been proven to be breakable within a day given sufficient computational power, AES is still in use because it is extremely resistant to cryptanalytic attacks. Power Analytic Attacks use power consumption traces of the hardware or software implementation of these algorithms to reduce search space exponentially in the size of the key, thereby making computational complexity several orders...
For Car-to-X (C2X) communication, group signature based protocols can provide privacy and authentication for vehicles that are members of the respective group. Current group approaches all rely on a centralized group key generation and distribution. We propose a novel decentralized approach based on n-party Diffie-Hellman key establishment. The proposed protocol implies a low latency for key establishment...
Traditional security and access control systems, such as MLS/Bell-LaPadula, RBAC are rigid and do not contain automatic mechanisms through which a system can increase or decrease users' access to classified information. Therefore, in this paper, we propose a risk-based decision method for an access control system. Firstly, we dynamically calculate the trust and risk values for each subject-object...
In the paper, the uncertainty of trust is transformed into a probability vector denoting the probability distribution over possible trust levels of an entity that is hidden from observation but determined by its expected performance. We propose the use of Poisson Hidden Markov Models (PHMMs) for estimating the trust for entities in wireless environments, in which the Poisson distribution is used to...
In an eHealth peer-to-peer database management system(P2PDBMS), peers exchange data in a pair-wise fashion on-the-fly in response to a query without any centralized control. Generally, the communication link between two peers is insecure and peers create a temporary session while exchanging data. When peers exchange highly confidential data in an eHealth network over an insecure communication link,...
In this paper, we address the issue of security verification and evaluation of systems at the design level. To this end, we elaborate a practical and formal framework that enables security risk assessment and security requirements verification on systems that are designed using SysML activity diagrams. Our approach is based on probabilistic adversarial interactions between potential attackers and...
In this paper, we present a privacy control mechanism called PDE (Privacy Data Envelope) allowing users to protect their privacy sensitive content travelling over social and communication networks. Our solution is based on privacy policies expressed by the user and associated with his content. This approach makes use of a decentralized architecture carried out through a PDE feature that has to be...
Identity theft has become one of the fastest growing crimes. Most people are unaware of the amount of data they disclose over all the Internet services proposed by search engines, social networking sites, e-commerce web sites, free online tools, etc. They are also unaware that this data can be easily aggregated, data-mined and linked together, which may lead to a potential identity theft should it...
The nature of computer crimes has systematically evolved with the progress of computer technologies. Due to the complexity of forensic investigations, the design of new techniques and tools for speeding up and automating tasks required by digital forensic processes has become a challenging task. In particular, the collection of (live) digital evidence is a delicate work that requires special care...
With the rapid development of applications in open distributed environments such as eCommerce, privacy of information is becoming a critical issue. Information about the preferences, activities, and demographic attributes of people using online shopping is very valuable to online businesses. Beyond the general anxieties with sharing personal information, people may more specifically have concerns...
There is a rapidly growing market for direct-to-consumer health services offered through the Internet and other information and communication technologies (ICT). Personal health information is one of the most sensitive types of data;while consumer health services have many potential health benefits, privacy advocates have warned consumers about the privacy risks associated with the indiscriminate...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.