We expect our access to use outside information to be a simple affair. We know we need specific information ... we know someone is collecting or generating it ... we know someone is processing it ... we know someone is transmitting it to us ... we expect it to be perfect. But that is where everything breaks down because each of us comes up with a different conclusion (using similar information). One...
A security-oriented program transformation maps programs to security-augmented programs, i.e. it introduces a protection mechanism to make programs more secure. Our previous work defined security-oriented program transformations [6], introduced a catalog of transformations [8], and showed how program transformations could be applied to systematically eradicate various types of data injection attacks...
In 2004, Das et al. proposed a "Dynamic ID-based Remote User Authentication Scheme using Smart Cards". This scheme has the advantage that users can choose and change their password freely and the server does not maintain any verifier table, which avoids the risk of this table being stolen or modified. However, in 2005, Liao et al. demonstrated that Das et al.'s scheme suffers from guessing attacks,...
Research in sensor networks has focused on development of energy efficient infrastructures. In this article, we introduce a new approach to organize sensor networks in clusters in order to reduce energy dissipation. Our contribution is a heuristic to define the number of clusters and also an efficient manner to choose cluster heads by minimizing the distance between cluster heads and its cluster...
Message authentication is a critical task in wireless sensor applications not only because it is a basic building block to ensure the authenticity of information but also a prerequisite for bootstrapping cryptographic secrets. Authentication has been explored extensively in the literature, however, the insecure environment within a fabric where multiple users and applications coexist, and limitations...
We present a new penalty-based genetic algorithm for the multi-source and multi-sink minimum vertex cut problem, and illustrate the algorithm's usefulness with two real-world applications. It is proved in this paper that the genetic algorithm always produces a feasible solution by exploiting some domain-specific knowledge. The genetic algorithm has been implemented on the example applications and...
Circuits built using multi-valued fixed polarity Reed-Muller expansions based on Galois field arithmetic, in particular quaternary expansions over GF(4), normally display high efficiency in terms of power consumption, area, etc. However, security application specific gate level mapping shows inefficient results for uniform radix expansions. The idea of the research here is to consolidate binary and...
Research literature has argued the need for a methodology to measure security assurance levels of a system as vital in order to maintain and improve the overall system security. This paper proposes a risk-based security assurance metric and aggregation techniques to be incorporated in a methodology for the evaluation of IT systems security assurance.
In 2008, Zhu-Wu showed that the redefined Liaw's broadcasting cryptosystem is still insecure in that an unauthorized user is able to obtain the shared secret, which is only intended for certain privileged users. However, Zhu-Wu did not provide an improvement of the redefined Liaw's broadcasting cryptosystem. In addition, we found that the redefined Liaw's broadcasting cryptosystem has...
Statistical databases (SDBs) are used mainly for statistical queries (such as sum, average, count, etc.) on various populations. Users are permitted to retrieve statistical information, but information about specific individuals should not be disclosed. The key representation auditing scheme is proposed to protect online and dynamic SDBs from being disclosed. The core idea is to convert the original...
Biometrics play an important role in modern access control systems to overcome the problems of forgotten, stolen or easily-guessed passwords. With the recent developments in cryptography, hashing and random number generation, biometrics and cryptography are combined in new generation cryptosystems. In this paper, it is aimed to produce a unique binary biometric identity code (bit string) by using...
Automated trust negotiation is an approach to establish trust in pervasive computing environment, where the involved participators belong to different security domains and need to establish trust before interactions can take place. However, during the trust negotiation, one's private information can be easily exploited to infer through observing one's behavior, even if access control policies...
The global trends have not changed lately: global socio-economic divisions, climate change, resource competition and maintaining security by military force [Oxford Research Group] remain on the top list. However, the financial crisis has shifted the risk landscape dramatically [Global Risk 2009; WEF]. If you extract the root cause of this incident, you find a company behavior or management pattern, which...
In 2004, Peyravian et al. presented three simple solutions to the X.509 PKI method that could save storage and bandwidth and reduce the complexity of the operations. However, we find that Peyravian et al.'s second scheme suffers from the masquerade attack, and this paper proposes a slight improvement to their scheme to resist this weakness.
Grid computing has contributed to advances in computational and communication technologies, which has made economically feasible the conglomeration of multiple clusters of heterogeneous networked resources and services that, in turn, has led to the development of large-scale distributed systems. However, available resources may be in short supply. We propose a secure delivery and billing protocol between...
Web application security is the hottest issue in the present scenario of e-business environment. Web application attacks can play havoc with the system within no time. More than 80% of attacks are at the application layer and almost 90% of applications are vulnerable to these attacks. Traditional solutions in the form of Web scanners, firewall, intrusion detection system (IDS) or Web proxies are ineffective...
In this paper a new message encryption scheme using a concept called cheating text is proposed. The original message is embedded in a meaningful text called cheating text. The positions of the characters of the plain text in the cheating text are stored as real message index file (RIF). This file is encrypted and sent along with the cheating text. The receiver, in turn, decrypts the RIF table and...
One of the most efficient methods for cracking passwords is the one based on "rainbow tables"; these lookup tables offer an almost optimal time-memory tradeoff in the process of recovering the plaintext password from a password hash generated by a cryptographic hash function. In this paper, we demonstrate the first known system, implemented in a state-of-the-art reconfigurable device...
Within the framework of Markowitz's portfolio theory, this paper analyzes the problem of the optimal portfolio on VaR. By using historical data of return loss to simulate several situations, we built an optimal portfolio model for VaR and proposed the detailed algorithms. The simplicity and the effectiveness of these algorithms were also demonstrated with concrete examples.
This paper proposes an efficient architecture to produce a hierarchical access control scheme for the multicast application environment. The architecture divides the group members into several subgroups with different access rights. In order to enhance the efficiency, the theory of Weil pairing is introduced to present a three party key agreement protocol. The advantages of this scheme are: (1) easy...