Security management in communications systems : everything you've always wanted to know about public-key cryptosystems.

Michelman, Eric Howard

January 1978

Thesis. 1978. M.S.--Massachusetts Institute of Technology. Alfred P. Sloan School of Management. / MICROFICHE COPY AVAILABLE IN ARCHIVES AND DEWEY. / Bibliography: leaf 79. / M.S.

Sloan School of Management

Computers Access control

Telecommunication systems

A secure one-use dynamic backdoor password system based on public key cryptography.

January 2002

Yu Haitao. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2002. / Includes bibliographical references (leaves 71). / Abstracts in English and Chinese. / Chapter Chapter 1. --- Introduction --- p.1 / Chapter 1.1 --- Introduction --- p.1 / Chapter 1.2 --- Thesis organization --- p.6 / Chapter Chapter 2. --- Conventional password authentication and backdoor password schemes --- p.7 / Chapter 2.1 --- Password and password authentication --- p.7 / Chapter 2.1.1 --- Introduction to password and its security problems --- p.7 / Chapter 2.1.2 --- Front-door passwords vs. backdoor passwords --- p.8 / Chapter 2.1.3 --- Dynamic passwords vs. static passwords --- p.9 / Chapter 2.2 --- Forgotten-password problem --- p.10 / Chapter Chapter 3. --- Introduction to Cryptography --- p.12 / Chapter 3.1 --- Introduction to information security --- p.12 / Chapter 3.2 --- Conventional cryptography --- p.16 / Chapter 3.3 --- Public-key cryptography --- p.21 / Chapter 3.4 --- RSA cryptosystem --- p.24 / Chapter 3.5 --- One-way function --- p.27 / Chapter 3.6 --- Digital signature --- p.30 / Chapter 3.7 --- Secret sharing --- p.34 / Chapter 3.8 --- Zero-knowledge proof --- p.34 / Chapter 3.9 --- Key management --- p.36 / Chapter 3.9.1 --- Key distribution in conventional cryptography --- p.36 / Chapter 3.9.2 --- Distribution of public keys --- p.39 / Chapter Chapter 4. --- A secure one-use dynamic backdoor password system based on Public Key Cryptography --- p.42 / Chapter 4.1 --- System objectives --- p.42 / Chapter 4.2 --- Simple system and analysis --- p.45 / Chapter 4.2.1 --- System diagram --- p.45 / Chapter 4.2.2 --- System protocol --- p.46 / Chapter 4.2.3 --- Applied technologies --- p.50 / Chapter 4.2.4 --- System security analysis --- p.52 / Chapter 4.3 --- Multi-user system and analysis --- p.55 / Chapter 4.3.1 --- Modification to the system diagram --- p.56 / Chapter 4.3.2 --- Modification to the system protocol --- p.57 / Chapter 4.3.3 --- System analysis for multi-user system --- p.64 / Chapter 4.4 --- Applicable modes and analysis --- p.66 / Chapter 4.5 --- Conclusion --- p.68 / Chapter Chapter 5. --- Conclusion --- p.69 / Bibliography --- p.71 / Appendix --- p.72 / Chapter A. --- Algorithm of MD5 --- p.72 / Chapter B. --- Algorithm of DSA --- p.76 / Chapter C. --- Algorithm of RSA --- p.79

Public key cryptography

Computers--Access control--Passwords

Computer security

Authentication

Paid prioritization and its implications on network neutrality. / CUHK electronic theses & dissertations collection

January 2013

Wang, Jingjing. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2013. / Includes bibliographical references (leaves 58-62). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstracts also in Chinese.

Internet--Access control

Internet--Management

Internet service providers

Identity based cryptography from pairings.

January 2006

Yuen Tsz Hon. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2006. / Includes bibliographical references (leaves 109-122). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgement --- p.iii / List of Notations --- p.viii / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Identity Based Cryptography --- p.3 / Chapter 1.2 --- Hierarchical Identity Based Cryptosystem --- p.4 / Chapter 1.3 --- Our contributions --- p.5 / Chapter 1.4 --- Publications --- p.5 / Chapter 1.4.1 --- Publications Produced from This Thesis --- p.5 / Chapter 1.4.2 --- Publications During Author's Study in the Degree --- p.6 / Chapter 1.5 --- Thesis Organization --- p.6 / Chapter 2 --- Background --- p.8 / Chapter 2.1 --- Complexity Theory --- p.8 / Chapter 2.1.1 --- Order Notation --- p.8 / Chapter 2.1.2 --- Algorithms and Protocols --- p.9 / Chapter 2.1.3 --- Relations and Languages --- p.11 / Chapter 2.2 --- Algebra and Number Theory --- p.12 / Chapter 2.2.1 --- Groups --- p.12 / Chapter 2.2.2 --- Elliptic Curve --- p.13 / Chapter 2.2.3 --- Pairings --- p.14 / Chapter 2.3 --- Intractability Assumptions --- p.15 / Chapter 2.4 --- Cryptographic Primitives --- p.18 / Chapter 2.4.1 --- Public Key Encryption --- p.18 / Chapter 2.4.2 --- Digital Signature --- p.19 / Chapter 2.4.3 --- Zero Knowledge --- p.21 / Chapter 2.5 --- Hash Functions --- p.23 / Chapter 2.6 --- Random Oracle Model --- p.24 / Chapter 3 --- Literature Review --- p.26 / Chapter 3.1 --- Identity Based Signatures --- p.26 / Chapter 3.2 --- Identity Based Encryption --- p.27 / Chapter 3.3 --- Identity Based Signcryption --- p.27 / Chapter 3.4 --- Identity Based Blind Signatures --- p.28 / Chapter 3.5 --- Identity Based Group Signatures --- p.28 / Chapter 3.6 --- Hierarchical Identity Based Cryptography --- p.29 / Chapter 4 --- Blind Identity Based Signcryption --- p.30 / Chapter 4.1 --- Schnorr's ROS problem --- p.31 / Chapter 4.2 --- BIBSC and Enhanced IBSC Security Model --- p.32 / Chapter 4.2.1 --- Enhanced IBSC Security Model --- p.33 / Chapter 4.2.2 --- BIBSC Security Model --- p.36 / Chapter 4.3 --- Efficient and Secure BIBSC and IBSC Schemes --- p.38 / Chapter 4.3.1 --- Efficient and Secure IBSC Scheme --- p.38 / Chapter 4.3.2 --- The First BIBSC Scheme --- p.43 / Chapter 4.4 --- Generic Group and Pairing Model --- p.47 / Chapter 4.5 --- Comparisons --- p.52 / Chapter 4.5.1 --- Comment for IND-B --- p.52 / Chapter 4.5.2 --- Comment for IND-C --- p.54 / Chapter 4.5.3 --- Comment for EU --- p.55 / Chapter 4.6 --- Additional Functionality of Our Scheme --- p.56 / Chapter 4.6.1 --- TA Compatibility --- p.56 / Chapter 4.6.2 --- Forward Secrecy --- p.57 / Chapter 4.7 --- Chapter Conclusion --- p.57 / Chapter 5 --- Identity Based Group Signatures --- p.59 / Chapter 5.1 --- New Intractability Assumption --- p.61 / Chapter 5.2 --- Security Model --- p.62 / Chapter 5.2.1 --- Syntax --- p.63 / Chapter 5.2.2 --- Security Notions --- p.64 / Chapter 5.3 --- Constructions --- p.68 / Chapter 5.3.1 --- Generic Construction --- p.68 / Chapter 5.3.2 --- An Instantiation: IBGS-SDH --- p.69 / Chapter 5.4 --- Security Theorems --- p.73 / Chapter 5.5 --- Discussions --- p.81 / Chapter 5.5.1 --- Other Instantiations --- p.81 / Chapter 5.5.2 --- Short Ring Signatures --- p.82 / Chapter 5.6 --- Chapter Conclusion --- p.82 / Chapter 6 --- Hierarchical IBS without Random Oracles --- p.83 / Chapter 6.1 --- New Intractability Assumption --- p.87 / Chapter 6.2 --- Security Model: HIBS and HIBSC --- p.89 / Chapter 6.2.1 --- HIBS Security Model --- p.89 / Chapter 6.2.2 --- Hierarchical Identity Based Signcryption (HIBSC) --- p.92 / Chapter 6.3 --- Efficient Instantiation of HIBS --- p.95 / Chapter 6.3.1 --- Security Analysis --- p.96 / Chapter 6.3.2 --- Ordinary Signature from HIBS --- p.101 / Chapter 6.4 --- Plausibility Arguments for the Intractability of the OrcYW Assumption --- p.102 / Chapter 6.5 --- Efficient HIBSC without Random Oracles --- p.103 / Chapter 6.5.1 --- Generic Composition from HIBE and HIBS --- p.104 / Chapter 6.5.2 --- Concrete Instantiation --- p.105 / Chapter 6.6 --- Chapter Conclusion --- p.107 / Chapter 7 --- Conclusion --- p.108 / Bibliography --- p.109

Public key cryptography

Computers--Access control

Data encryption (Computer science)

Multi-Decision Policy and Policy Combinator Specifications

Giannakopoulos, Theophilos John

21 February 2012

Margrave is a specification language and analysis tool for access control policies with semantics based in order-sorted logic. The clear logical roots of Margrave's semantics makes policies specified in the Margrave language both machine analyzable and relatively easy for users to reason about. However, the decision conflict resolution declaration and policy set features of Margrave do not have semantics that are as cleanly rooted in order-sorted logic as Margrave policies and queries are. Additionally, the current semantics of decision conflict resolution declarations and of policy sets do not permit users to take full advantage of the multi-decision capabilities of Margrave policies. The purposes of this thesis are (i) to provide a unified extension to the semantics for policies and policy combination, (ii) to cleanly support decision conflict resolution mechanisms in a general way within those semantics and (iii) to provide insight into the properties of policy combination and decision conflict resolution for multi-decision policies in general. These goals are achieved via the realization that policy combinators may be treated as policies operating within environments extended with the results of the policies to be combined, allowing policy combinators to be defined as if they were policies. The ability to treat policy combinators as policies means that users' current understanding of policies can be easily extended to policy combinators. Additionally, the tools that Margrave has for supporting policies can be leveraged as the Margrave language and analysis tool grow to provide fuller support for policy combination and rule conflict resolution declarations.

formal methods

access control

policy combinators

policies

specifications

Margrave

Privacy-Preserving Personal Health Record System Using Attribute-Based Encryption

ZHENG, YAO

03 July 2011

"Personal health record (PHR) service is an emerging model for health information exchange. It allows patients to create, manage, control and share their health information with other users as well as healthcare providers. In reality, a PHR service is likely to be hosted by third-party cloud service providers in order to enhance its interoperability. However, there have been serious privacy concerns about outsourcing PHR data to cloud servers, not only because cloud providers are generally not covered entities under HIPAA, but also due to an increasing number of cloud data breach incidents happened in recent years. In this thesis, we propose a privacy-preserving PHR system using attribute-based encryption (ABE). In this system, patients can encrypt their PHRs and store them on semi-trusted cloud servers such that servers do not have access to sensitive PHR contexts. Meanwhile patients maintain full control over access to their PHR files, by assigning fine-grained, attribute-based access privileges to selected data users, while different users can have access to different parts of their PHR. Our system also provides extra features such as populating PHR from professional electronic health record (EHR) using ABE. In order to evaluate our proposal, we create a Linux library that implement primitive of key-policy attribute-based encryption (KP-ABE) algorithms. We also build a PHR application based on Indivo PCHR system that allow doctors to encrypt and submit their prescription and diagnostic note to PHR servers using KP-ABE. We evaluate the performance efficiency of different ABE schemes as well as the data query time of Indivo PCHR system when PHR data are encrypted under ABE scheme."

PHR

ABE

fine-grained access control

security

privacy

Margrave: An Improved Analyzer for Access-Control and Configuration Policies

Nelson, Timothy

13 April 2010

As our society grows more dependent on digital systems, policies that regulate access to electronic resources are becoming more common. However, such policies are notoriously difficult to configure properly, even for trained professionals. An incorrectly written access-control policy can result in inconvenience, financial damage, or even physical danger. The difficulty is more pronounced when multiple types of policy interact with each other, such as in routers on a network. This thesis presents a policy-analysis tool called Margrave. Given a query about a set of policies, Margrave returns a complete collection of scenarios that satisfy the query. Since the query language allows multiple policies to be compared, Margrave can be used to obtain an exhaustive list of the consequences of a seemingly innocent policy change. This feature gives policy authors the benefits of formal analysis without requiring that they state any formal properties about their policies. Our query language is equivalent to order-sorted first-order logic (OSL). Therefore our scenario-finding approach is, in general, only complete up to a user-provided bound on scenario size. To mitigate this limitation, we identify a class of OSL that we call Order-Sorted Effectively Propositional Logic (OS-EPL). We give a linear-time algorithm for testing membership in OS-EPL. Sentences in this class have the Finite Model Property, and thus Margrave's results on such queries are complete without user intervention.

finite model property

applied logic

firewalls

access control

A user-transparent distributed data base management system

Housh, Richard Dale

January 2010

Typescript, etc. / Digitized by Kansas Correctional Industries

Database management

Computers-- Access control.

Access control model for WebServices eGovernment infrastructure.

January 2003

Tam Ka Wing Matthew. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2003. / Includes bibliographical references (leaves 84-89). / Abstracts in English and Chinese. / Acknowledgement --- p.i / Abstract --- p.i / Table of Contents --- p.iii / Chapter 1 --- Introduction --- p.1 / Chapter 2 --- eGovernment Requirements --- p.5 / Chapter 2.1 --- Efficient Operation --- p.5 / Chapter 2.2 --- Citizen-centric Government --- p.7 / Chapter 2.3 --- Security --- p.10 / Chapter 2.3.1 --- Confidentiality --- p.10 / Chapter 2.3.2 --- Integrity --- p.12 / Chapter 2.3.3 --- Availability --- p.12 / Chapter 2.4 --- Support of eBusiness --- p.13 / Chapter 3 --- Webservices for e-Government - A Marriage for Interoperability --- p.15 / Chapter 4 --- A Webservices Based eGovernment Framework --- p.17 / Chapter 4.1 --- System Component Model --- p.17 / Chapter 4.2 --- System Access Model --- p.18 / Chapter 4.3 --- Security Model --- p.20 / Chapter 4.3.1 --- Access Right Model --- p.20 / Chapter 4.3.2 --- Authentication Model --- p.22 / Chapter 4.4 --- Transaction Model --- p.23 / Chapter 5 --- eGovernment WebServices Access Control --- p.25 / Chapter 5.1 --- eGovernment WebService --- p.25 / Chapter 5.2 --- Request of Access --- p.27 / Chapter 5.3 --- eGovernment Access Policy --- p.30 / Chapter 5.3.1 --- Administration Based Policy --- p.32 / Chapter 5.3.2 --- Legislation Based Policy --- p.33 / Chapter 6 --- Research in Access Control --- p.38 / Chapter 6.1 --- Traditional Model --- p.38 / Chapter 6.2 --- More Advanced Models --- p.39 / Chapter 6.2.1 --- Role-Based Access Control Model --- p.39 / Chapter 6.2.2 --- Task-Based Authorisation Control Models --- p.41 / Chapter 6.2.3 --- Digital Library Authorisation Model --- p.42 / Chapter 6.3 --- Recent Works --- p.44 / Chapter 6.4 --- Limitations of the Models --- p.45 / Chapter 7 --- Proposed Approach --- p.47 / Chapter 7.1 --- WebService Specific Access Control --- p.48 / Chapter 7.1.1 --- WebService Access Rules --- p.48 / Chapter 7.1.2 --- Authorisation Conflict Resolution --- p.50 / Chapter 7.2 --- Subject Based Access Control --- p.52 / Chapter 7.2.1 --- Subject Category --- p.52 / Chapter 7.2.2 --- Subject Access Rules --- p.53 / Chapter 7.2.3 --- WebService Registration --- p.55 / Chapter 7.2.4 --- Authorisation Conflict Resolution --- p.56 / Chapter 7.3 --- The WebServices --- p.57 / Chapter 7.4 --- Combining Two Level Access Control --- p.57 / Chapter 7.5 --- Application to Chained WebService Request --- p.58 / Chapter 7.6 --- Comparison with the Existing Access Control Models --- p.59 / Chapter 8 --- An Implementation Reference Model --- p.60 / Chapter 8.1 --- Some Practical Issues --- p.60 / Chapter 8.1.1 --- Citizen Privacy --- p.60 / Chapter 8.1.2 --- Trust between eGovernment Systems --- p.61 / Chapter 8.1.3 --- Authentication --- p.62 / Chapter 8.2 --- System Architecture --- p.64 / Chapter 8.2.1 --- eGovernment WebServices Gateway --- p.65 / Chapter 8.2.2 --- Authentication Engine --- p.66 / Chapter 8.2.3 --- Access Control Database --- p.66 / Chapter 8.2.4 --- Access Control Decision Engine --- p.67 / Chapter 8.2.5 --- A Working Scenario --- p.67 / Chapter 8.3 --- Implementation --- p.69 / Chapter 9 --- Evaluation of the Proposed Mechanism --- p.74 / Chapter 9.1 --- Application Scenarios --- p.75 / Chapter 9.1.1 --- Citizen Level Access Right --- p.75 / Chapter 9.1.2 --- Access Means Based Authorisation --- p.76 / Chapter 9.1.3 --- Access Right Based on Combination of User and Consumer Identity --- p.77 / Chapter 9.1.4 --- Legislation Based Access Right --- p.78 / Chapter 9.1.5 --- Joined-up Government --- p.79 / Chapter 10 --- Conclusion and Future Directions --- p.81 / References --- p.84

Internet in public administration

Lip motion tracking and analysis with application to lip-password based speaker verification

Liu, Xin

01 January 2013

No description available.

Access control

Computers

Lipreading

Lips

Passwords

Speech perception