Although it is a deployed system, the data collection process of Smart Grids (SGs) is still a topic that needs consideration. The reason behind this is that Advanced Metering Infrastructure (AMI) applications used for collection can cause leakage of sensitive information about the users if data is sent as plaintext. In this paper, we propose a system that provides privacy with the Paillier cryptosystem...
We derive impossibility (converse) bounds for the efficiency of implementing information theoretically secure oblivious transfer and bit commitment using correlated observations. Our approach is based on relating these problems to that of testing if the observations of the parties are conditionally independent given the adversary's observation. The resulting bounds strengthen and improve upon several...
Traditionally, card emulation mode in Near Field Communication devices makes use of a hardware Secure Element (SE) as a secure storage and execution environment for applications. However, a different way of card emulation that bypasses the SE has emerged, referred to as Host-based Card Emulation (HCE). HCE relies on the phone CPU for processing power, sharing it with other running processes. This...
A secure location-based service requires that a mobile user certifies his position before gaining access to a resource. Currently, most of the existing solutions addressing this issue assume a trusted third party that can vouch for the position claimed by a user. However, as computation and communication capacities become ubiquitous with the large scale adoption of smartphones by individuals, we propose...
An exam is a practice for assessing the knowledge of a candidate from an examination she takes. Exams are used in various contexts, such as in university tests and public competitions. We begin by identifying various security and privacy requirements that modern exams should meet, especially in the prospect of them being supported by information and communication technologies. These requirements extend...
We propose a verifiable quantum secret sharing protocol based on entanglement swapping in this paper. It provides one-to-one communication to the dealer who wants to connect with the other participants. The dealer chooses the detection or information mode by uniform distribution until he can make sure the information to the participant is safe, and then communicates with the next participant. It can prevent...
Learning techniques allow the automatic inference of the behaviour of a system as a finite state machine. We demonstrate that learning techniques can be used to extract such formal models from software on banking smart cards which - as most bank cards do - implement variants of the EMV protocol suite. Such automated reverse-engineering, which only observes the smart card as a black box, takes little...
We present a solution which improves the level of privacy possible in location based services (LBS). A core component of LBS is proximity testing of users. Alice wants to know if she is near to Bob (or generally some location). The presented solution supports private proximity testing and is actively secure, meaning it prevents a number of attacks possible in existing protocols for private proximity...
Globalization of the semiconductor industry increases the vulnerability of integrated circuits. This particularly becomes a major concern for cryptographic IP blocks integrated on a System-on-Chip (SoC). The trustworthiness of these cryptographic blocks can be ensured with a secure test strategy. Presently, the IEEE 1500 Test Wrapper has emerged as the test standard for industrial SoCs. Additionally...
A fuzzer is a program that attempts to find security vulnerabilities in an application by sending random or semi-random input. Fuzzers have been widely used to find vulnerabilities in protocol implementations. The implementations may conform to the design of the protocol, but most of the times some glitches might remain. As a result vulnerabilities might remain unnoticed. Consequently, different implementations...
With the popularity of the Internet, the extension speed of network resources always lags behind the demands of network bandwidth of network users. It is not an omnipotent solution to increase the available bandwidth. That is why it is important to analyze, control and manage network traffic accurately nowadays. It is reported that, as one of the prominent occupants, peer-to-peer (P2P) traffic takes...
We prove new results regarding the complexity of various complexity classes under randomized oracle reductions. We first prove that $\mathrm{BPP}^{\mathrm{PSZK}} \subseteq \mathrm{AM} \cap \mathrm{coAM}$, where PSZK is the class of promise problems having statistical zero knowledge proofs. This strengthens the previously known facts that PSZK is closed under $\mathrm{NC}^1$ truth-table reductions (Sahai and Vadhan, J. ACM '03) and that $\mathrm{P}^{\mathrm{PSZK}} \subseteq \mathrm{AM} \cap \mathrm{coAM}$ (Vadhan,...
The operation of achieving authenticated key agreement between two human-operated mobile devices over a short range wireless communication channel, such as Bluetooth or Wi-Fi, is known as "pairing." The devices being paired are ad hoc in nature, i.e., they can not be assumed to have a prior context (such as pre-shared secrets) or a common trusted on- or off-line authority. However, the devices...
The theory of authentication tests is a powerful tool for analyzing and designing cryptographic protocols. However, it is difficult to apply the theory directly to prove the security goals of the protocols because determining the type of the test (e.g. outgoing, incoming and unsolicited test) is a little complex for computer and deriving the security properties of a test needs more intelligence. Therefore,...
In order to quickly generate secret keys in low-power hand-held devices, Modadugu et al. propose two server-aided RSA key generation protocols, while Chen et al. sequentially propose four improved protocols. However, one drawback of these protocols is that they can't resist collusion attacks. In this paper, we implement a new server-aided RSA key generation protocol, which can resist collusion attack...
Today more than ever, secure communication is a must. Most companies now use network infrastructure to conduct their business, whether internally (intranet model) or externally to reach partners or customers (extranet/Internet models). While it is utopian to consider today's networks as being safe, there are solutions to make them more secure and use them with a bit of trust. The key aspects to securing...
The effectiveness of statecharts as a tool to express the desired behavior of security protocols and a source of tests for their implementations was investigated. Specifically, TLS protocol was modeled as a statechart and tests generated from its flattened version. The GnuTLS implementation of the protocol was then tested against the generated tests. The MC/DC coverage of different components of the...
In a real world, it is often in a group setting that sensitive information has to be stored in databases of a server. Although personal information does not need to be stored in a server, the secret information shared by group members is likely to be stored there. The shared sensitive information requires more security and privacy protection. To our best knowledge, there is no paper which deals with...
LRIT (long range identification and tracking of ships) system is close to its implementation and the LRIT information (identification and position of the vessels) is very sensitive. In this paper the structure of system data bases and communication links in the LRIT system are presented. In this context, a security of the LRIT information will be analyzed, moreover cryptographic mechanisms in the...
We present a new mechanized prover for secrecy properties of security protocols. In contrast to most previous provers, our tool does not rely on the Dolev-Yao model, but on the computational model. It produces proofs presented as sequences of games; these games are formalized in a probabilistic polynomial-time process calculus. Our tool provides a generic method for specifying security properties...