Rechtliche Aspekte der elektronischen Willenserklärung im deutschen und koreanischen Recht : eine Untersuchung vor dem Hintergrund des europäischen Rechts und des E-commerce-Rechts von UNCITRAL /

Jang, Byeong Ju.

Unknown Date

Kiel, Universiẗat, Diss., 2008.

Assessing the reliability of digital evidence from live investigations involving encryption

Hargreaves, Christopher James

January 2009

The traditional approach to a digital investigation when a computer system is encountered in a running state is to remove the power, image the machine using a write blocker and then analyse the acquired image. This has the advantage of preserving the contents of the computer’s hard disk at that point in time. However, the disadvantage of this approach is that the preservation of the disk is at the expense of volatile data such as that stored in memory, which does not remain once the power is disconnected. There are an increasing number of situations where this traditional approach of ‘pulling the plug’ is not ideal since volatile data is relevant to the investigation; one of these situations is when the machine under investigation is using encryption. If encrypted data is encountered on a live machine, a live investigation can be performed to preserve this evidence in a form that can be later analysed. However, there are a number of difficulties with using evidence obtained from live investigations that may cause the reliability of such evidence to be questioned. This research investigates whether digital evidence obtained from live investigations involving encryption can be considered to be reliable. To determine this, a means of assessing reliability is established, which involves evaluating digital evidence against a set of criteria; evidence should be authentic, accurate and complete. This research considers how traditional digital investigations satisfy these requirements and then determines the extent to which evidence from live investigations involving encryption can satisfy the same criteria. This research concludes that it is possible for live digital evidence to be considered to be reliable, but that reliability of digital evidence ultimately depends on the specific investigation and the importance of the decision being made. However, the research provides structured criteria that allow the reliability of digital evidence to be assessed, demonstrates the use of these criteria in the context of live digital investigations involving encryption, and shows the extent to which each can currently be met.

004

Assessing the Reliability of Digital Evidence from Live Investigations Involving Encryption

Hargreaves, C J

24 November 2009

The traditional approach to a digital investigation when a computer system is encountered in a running state is to remove the power, image the machine using a write blocker and then analyse the acquired image. This has the advantage of preserving the contents of the computer’s hard disk at that point in time. However, the disadvantage of this approach is that the preservation of the disk is at the expense of volatile data such as that stored in memory, which does not remain once the power is disconnected. There are an increasing number of situations where this traditional approach of ‘pulling the plug’ is not ideal since volatile data is relevant to the investigation; one of these situations is when the machine under investigation is using encryption. If encrypted data is encountered on a live machine, a live investigation can be performed to preserve this evidence in a form that can be later analysed. However, there are a number of difficulties with using evidence obtained from live investigations that may cause the reliability of such evidence to be questioned. This research investigates whether digital evidence obtained from live investigations involving encryption can be considered to be reliable. To determine this, a means of assessing reliability is established, which involves evaluating digital evidence against a set of criteria; evidence should be authentic, accurate and complete. This research considers how traditional digital investigations satisfy these requirements and then determines the extent to which evidence from live investigations involving encryption can satisfy the same criteria. This research concludes that it is possible for live digital evidence to be considered to be reliable, but that reliability of digital evidence ultimately depends on the specific investigation and the importance of the decision being made. However, the research provides structured criteria that allow the reliability of digital evidence to be assessed, demonstrates the use of these criteria in the context of live digital investigations involving encryption, and shows the extent to which each can currently be met.

Forensic engineering - Data processing

Forensic Computing

Microcomputers

Data encryption - Computer science

Computer security

Criminal investigation

Electronic records - Law and legislation

Digital signatures

Direct Online/Offline Digital Signature Schemes.

Yu, Ping

12 1900

Online/offline signature schemes are useful in many situations, and two such scenarios are considered in this dissertation: bursty server authentication and embedded device authentication. In this dissertation, new techniques for online/offline signing are introduced, those are applied in a variety of ways for creating online/offline signature schemes, and five different online/offline signature schemes that are proved secure under a variety of models and assumptions are proposed. Two of the proposed five schemes have the best offline or best online performance of any currently known technique, and are particularly well-suited for the scenarios that are considered in this dissertation. To determine if the proposed schemes provide the expected practical improvements, a series of experiments were conducted comparing the proposed schemes with each other and with other state-of-the-art schemes in this area, both on a desktop class computer, and under AVR Studio, a simulation platform for an 8-bit processor that is popular for embedded systems. Under AVR Studio, the proposed SGE scheme using a typical key size for the embedded device authentication scenario, can complete the offline phase in about 24 seconds and then produce a signature (the online phase) in 15 milliseconds, which is the best offline performance of any known signature scheme that has been proven secure in the standard model. In the tests on a desktop class computer, the proposed SGS scheme, which has the best online performance and is designed for the bursty server authentication scenario, generated 469,109 signatures per second, and the Schnorr scheme (the next best scheme in terms of online performance) generated only 223,548 signatures. The experimental results demonstrate that the SGE and SGS schemes are the most efficient techniques for embedded device authentication and bursty server authentication, respectively.

bursty server authentication

standard model

Online/offline digital signature schemes

embedded dvice authentication

Digital signatures.

Computer networks -- Access control.

Computer networks -- Security measures.

Integrity, authentication and confidentiality in public-key cryptography / Intégrité, authentification et confidentialité en cryptographie à clé publique

Ferradi, Houda

22 September 2016

Cette thèse présente des résultats appartenant aux trois thèmes fondamentaux de la cryptographie à clé publique : l’intégrité, l’authentification et la confidentialité. Au sein de chaque thème nous concevons des nouvelles primitives et améliorons des primitives existantes. Le premier chapitre, dédié à l’intégrité, introduit une preuve non-interactive de génération appropriée de clés publiques RSA et un protocole de co-signature dans lequel tout irrespect de l’équité laisse automatiquement la partie lésée en possession d’une preuve de culpabilité incriminant la partie tricheuse. Le second chapitre, ayant pour sujet l’authentification, montre comme une mesure de temps permet de raccourcir les engagements dans des preuves à divulgation nulle et comment des biais, introduits à dessin dans le défi, permettent d’accroitre l’efficacité de protocoles. Ce chapitre généralise également le protocole de Fiat-Shamir à plusieurs prouveurs et décrit une fraude très sophistiquée de cartes-à-puce illustrant les dangers de protocoles d’authentification mal-conçus. Au troisième chapitre nous nous intéressons à la confidentialité. Nous y proposons un cryptosystème à clé publique où les hypothèses de complexité traditionnelles sont remplacées par un raffinement du concept de CAPTCHA et nous explorons l’application du chiffrement-pot-de-miel au langage naturel. Nos dernières contributions concernent le chiffrement basé sur l’identité (IBE). Nous montrerons comment ajouter des fonctions d’émission à l’IBE hiérarchique et comment l’IBE permet de réduire la fenêtre temporelle de risque lors de la diffusion de mises à jour logicielles. / This thesis presents new results in three fundamental areas of public-key cryptography: integrity, authentication and confidentiality. In each case we design new primitives or improve the features of existing ones. The first chapter, dealing with integrity, introduces a non-interactive proof for proper RSA public key generation and a contract co-signature protocol in which a breach in fairness provides the victim with transferable evidence against the cheater. The second chapter, focusing on authentication, shows how to use time measurements to shorten zeroknowledge commitments and how to exploit bias in zero-knowledge challenges to gain efficiency. This chapter also generalizes Fiat-Shamir into a one-to-many protocol and describes a very sophisticated smart card fraud illustrating what can happen when authentication protocols are wrongly designed. The third chapter is devoted to confidentiality. We propose public-key cryptosystems where traditional hardness assumptions are replaced by refinements of the CAPTCHA concept and explore the adaptation of honey encryption to natural language messages. Our final contributions focus on identity-based encryption (IBE) showing how to add broadcast features to hierarchical IBE and how to use IBE to reduce vulnerability exposure time of during software patch broadcast.

Cryptographie

Intégrité

Authentification

Confidentialité

Chiffrement signatures numériques

Équité

Preuves à divulgation nulle

Cryptography

Integrity

Authentication

Confidentiality

Encryption

Digital signatures

Fairness

Zero-knowledge proofs

510

004.8

A comparative study of the impact of technology on testate succession in South Africa

Mahlaela, Theresia

January 2022

Thesis (LLM. (Development and Management Law)) -- University of Limpopo, 2022 / We live in a Fourth Industrial Revolution(4IR) era where people exchange goods and services through the internet. Such transactions and communications are regulated by the Electronic Communications and Transactions Act (ECTA) 25 of 2002. The ECTA however amongst others, excludes the execution of testamentary wills from its application thus leaving no room for electronic wills. The execution of a valid will in South Africa is governed by the Wills Act 7 of 1953. Against this background, the study investigates whether the presence of enhanced 4IR innovations and methods have the potential to render the Wills Act obsolete and how the exclusion in the ECTA will contribute towards the formation of legal gaps in the law of succession. In confronting these questions, the study seeks to create a synergy between the two abovementioned statutes. The formalities of a valid will are contained in section 2(1) of the Wills Act, it can be deduced from them that a will should be in writing and signed by the testator and two witnesses. Any will not complying with the formalities is dependent upon the discretion of the High Court for validity as per section 2(3) of the Wills Act. The cases of MacDonald v The Master 2002 5 SA 64 (N) and Van der Merwe v The Master 2010 6 SA 546 (SCA) have confronted issues that relate to wills executed in electronic formats. The study interrogates the meaning of ‘writing’ and ‘signature’ and their significance and probes whether they can be fulfilled using electronic means. A comparative approach is adopted to establish the status of electronic wills in the USA and UK. The USA has promulgated legislation to deal with electronic wills and the UK has initiated the process of adopting their own electronic wills legislation in response to the 4IR. With the lessons learned from these jurisdictions the study makes recommendations on how synergy can be created between the Wills Act and the ECTA.

Fourth Industrial Revolution

Electronic Communications

Electronic Signature

Electronic Wills

Writing

Signature

Digital media

Freedom of testation

Wills

Estate planning

GitBark : A Rule-Based Framework for Maintaining Integrity in Source Code Repositories / GitBark : Tillhandahållandet av trovärdighet och integritet i källkod

Bonnici, Elias

January 2023

In today’s digital landscape, maintaining the integrity of source code is crucial for delivering reliable and trustworthy software solutions. However, the increasing prevalence of attacks targeting source code repositories and version control systems (VCSs) poses significant challenges to source code integrity. Unauthorized access to source code repositories can lead to various security risks, including the introduction of malicious code or unauthorized approvals for pull requests. Security measures implemented on the remote server hosting the repository are typically insufficient to detect these types of attacks, resulting in changes potentially remaining undetected and becoming part of the deployed artifact. To address those issues, this study proposes GitBark, a framework that employs cryptographic methods to verify the integrity of a source code repository. GitBark achieves this by enforcing rules and policies on the commits made to the repository. Specifically, the study demonstrates that by formulating rules that utilize digital signatures, GitBark can effectively identify unauthorized changes and approvals. Moreover, GitBark prioritizes maintaining the local repository in a consistent and trustworthy state, reducing reliance on the remote server. Even if changes violating established rules are introduced to the remote repository, GitBark prevents their integration into the local repository. Consequently, users of GitBark can have confidence that their local repository remains a consistent and trustworthy version of the source code, without needing to place full trust on a remote server. An evaluation of GitBark, along with the devised rules, demonstrates its effectiveness in mitigating the threats identified in this study. Additionally, in terms of performance, GitBark incurs a modest overhead, both in time and storage. / I dagens digital värld, så är det viktigare än någonsin att källkodens integritet upprätthålls. Detta är kritiskt för att kunna leverera tillförlitlig och kvalitativ mjukvara. Den ständigt ökade förekomsten av attacker som riktar sig mot källkodsrepon och versionshanteringssystem gör dock upprätthållandet av källkodens integritet svårt. Obehörig åtkomst till källkodsrepo ger upphov till flera säkerhetsrisker såsom inkluderandet av skadlig kod eller obehöriga godkännanden av nya ändringar. De säkerhetsåtgärder som finns implementerade på värdserven där källkodsrepot lagras kan generellt sätt inte detektera dessa typer av attacker, vilket resulterar i att dessa typer av ändringar oftast förblir oupptäckta. För att adressera dessa problem, så presenterar denna studie GitBark, ett verktyg som utnyttjar kryptografiska medel för att verifiera integriteten av ett källkodsrepo. GitBark gör detta genom att kräva regler för commits som görs till källkodsrepot och validera att de upprätthålls. Mer specifikt, så visar att studien att genom att formulera regler som uttnyttjar digitala signaturer så kan GitBark effektivt identifiera oauktoriserade ändringar och godkännanden. Dessutom, prioriterar GitBark att alltid bibehålla det lokala källkodsrepot i ett konsekvent och trovärdigt tillstånd, för att minska beroendet på en remoteserver. Även ifall ändringar som inte uppfyller reglerna introduceras på remote-källkodsrepot så ser GitBark till att dessa ändringar aldrig integreras i det lokala repot. Följaktligen så kan användare av GitBark känna sig säkra i att det lokala källkodsrepot alltid förblir i ett konsekvent och trovärdigt tillstånd i relation till dem etablerade reglerna, utan att behöva förlita sig på en remoteserver. En evaluering av GitBark, tillsammans med de skapade reglerna påvisar dess effektivitet i att adressera de identifierade hoten i denna studie. Dessutom, vad gäller prestanda så har GitBark en liten påverkan både i tid och utrymme.

Source Code Integrity

Version Control System

Git

Threat modeling

Digital signatures

Källkodsintegritet

Versionshanteringssystem

Git

Hotmodellering

Digitala signaturer

Computer and Information Sciences

Data- och informationsvetenskap

台灣保險業導入要/被保人數位簽章之探討 / A study on the insured digital signature of the Taiwan insurance industries

劉明豐

Unknown Date

我國保險業自2004年導入要保人數位簽章以來，不僅在推動上面臨困難，網路業務也未能順利拓展，然政府業務及金融交易已成功導入電子憑證的各項應用，未來，如何兼顧保險電子商務及數位簽章的應用發展，將是保險業的重大挑戰。本研究的主要目的在於探討保險業對要保人數位簽章的態度與傾向，以創新採用速率的主要影響因素作為理論分析基礎，探討風險資安因素對數位簽章的採用影響，以及金融保險憑證與政府相關憑證的採用傾向。本研究採郵寄問卷調查方式蒐集保險業對數位簽章的看法，總計回收有效問卷為46份。研究結果如次： 一、 產險業與壽險業皆不會因為風險資安因素而採用數位簽章。 二、 產險業配合政府政策而採用憑證的意願偏低，壽險業配合政府政策而採用憑證的意願較高。 三、 產險業傾向不採用網路保險憑證，但傾向採用網路銀行憑證、網路下單憑證及政府相關憑證。 四、 不論是網路保險憑證、網路銀行憑證、網路下單憑證及政府相關憑證，壽險業皆傾向採用。 我國保險業如擬繼續推展要保人數位簽章，本研究建議： 一、 訂定未取得要保書正本簽名或未採用數位簽章所應遵循的規範，包括傳真簽名及其他身分確認機制，以創造有利於網路業務發展的環境。 二、 擴大要保人數位簽章的應用範圍，包括開放保險業銷售中風險的保險商品，以及授權保險業存取政府資料庫管控核保風險等，以利保險業提供差異化的網路投保服務。 三、 原則上，以政府相關憑證為主，金融憑證為輔的方式推動保險業採用數位簽章，如有推動上的困難，則改以保險憑證為主，金融憑證為輔的方式替代，並開放保險憑證及金融憑證可經由異業結盟互為使用。 四、 基於維持保險電子商務市場秩序考量，保險經代人經營電子商務宜納入保險業管理規範，以建立公平的市場競爭環境，俾利保險業經營網路投保業務，消費者享有更多保費折扣優惠。 關鍵字：數位簽章、創新感知屬性、網路投保、保險電子商務 / Since the insurers employed insured digital signatures in 2004, they have not only faced difficulties in promotion but also expanded online businesses hardly. However, the government businesses and the financial transactions have fulfilled various applications of digital certificates successfully. In the future, how to well develop the applications of e-insurance and digital signatures at the same time will become a significant challenge for the insurance industries. The major goal of this study is to delve into the insurers’ postures and bents toward the implementation of insured digital signatures. The analysis theory is based on primary factors of affecting the rate of adoption of an innovation. It supports to explore the influence of operational risks and information securities upon the use of digital signatures, and the tendencies of the use of financial digital certificates and government-related digital certificates. To collect the required data provided by insurers, this study used mail questionnaire method, totaling the valid questionnaire of the recovery as 46s. The findings are listed as follows: 1. Both the P&C insurers and the life insurers do not adopt insured digital signatures due to operational risks and information securities. 2. Regarding the compliance of the government policies, the P&C insurers incline not to adopt digital certificates. However, the life insurers incline to adopt digital certificates. 3. The P&C insurers incline not to adopt insurance digital certificates, but incline to adopt banking digital certificates, stock-dealing digital certificates and government-related digital certificates. 4. No matter what kind of digital certificates are, including insurance digital certificates, banking digital certificates, stock-dealing digital certificates and government-related digital certificates, the life insurers incline to adopt any of them. If the insurance industries would like to continue to advance the development of insured digital signatures, the propositions are listed as follows: 1. In order to create a beneficial environment for the development of online businesses, this study suggests developing directions for the signatures by fax and the other signer authentication mechanism. 2. In order to let the insurers offer differential online insurance services, this study proposes permitting the insurers to sell middle-risk insurance products and access government databases for underwriting risk management. 3. In principle, it is preferable that the insurers employ government-related digital certificates and financial digital certificates. If hardly, the insurers employ insurance digital certificates and financial digital certificates instead. Moreover, both digital certificates have reciprocal usage for each other by means of strategic alliance from different financial businesses. 4. Based on the consideration of keeping e-insurance market order, this study propounds that the e-insurance of brokers and agents are incorporated into directions for the e-insurance of insurers in order to establish a fair market competition environment. It is helpful to insurers’ online businesses and consumers’ preferential premiums. Keywords: Digital Signatures, Rate of Adoption of an Innovation, Online Insurance, e-Insurance

數位簽章

創新感知屬性

網路投保

保險電子商務

Digital Signatures

Rate of Adoption of an Innovation

Online Insurance

e-Insurance

Spam on the phone - VoIP and its biggest weakness : Studies about the users’ willingness to offer personal information in order to avoid VoIP spam

Putz, Daniel Robert

January 2007

<p>It is very probable that VoIP will soon replace the ordinary telephone. Beside all advantages of the digital voice-connection it is linked to the danger of spam on the telephone. A lot of approaches have been developed to solve the problem of VoIP spam. Because some of these solutions are based on access to personal information of its users, a broad discussion about the best and most ethical approach has started.</p><p>This thesis analyzes the users’ point of view towards the VoIP spam problem and the extent of users’ willingness to offer private information in order to avoid VoIP spam. It presents results from a qualitative and a quantitative research as well as approaches for a most realistic- and most promising VoIP solution. These new approaches are based on the results of the research.</p><p>The main points of the results showed that users were not willing to offer private information to companies and that they were not willing to pay any amount of money for VoIP spam solutions. Users held governmental organisations and telephone operators responsible for finding a solution against VoIP spam.</p>

VoIP

spam

SIP

H.323

HCI

telephony

privacy

ethics

filtering

authentication

pay-per-call

digital signatures

Turing test

commercial

advertisement

IP-telephony

RFC 3261

Spit

VAM

Skype

MSN-messenger

Sipgate

Information technology

Informationsteknologi

Cryptographic hash functions : cryptanalysis, design and applications

Gauravaram, Praveen Srinivasa

January 2007

Cryptographic hash functions are an important tool in cryptography to achieve certain security goals such as authenticity, digital signatures, digital time stamping, and entity authentication. They are also strongly related to other important cryptographic tools such as block ciphers and pseudorandom functions. The standard and widely used hash functions such as MD5 and SHA-1 follow the design principle of Merkle-Damgard iterated hash function construction which was presented independently by Ivan Damgard and Ralph Merkle at Crypto'89. It has been established that neither these hash functions nor the Merkle-Damgard construction itself meet certain security requirements. This thesis aims to study the attacks on this popular construction and propose schemes that offer more resistance against these attacks as well as investigating alternative approaches to the Merkle-Damgard style of designing hash functions. This thesis aims at analysing the security of the standard hash function Cellular Authentication and Voice Encryption Algorithm (CAVE) used for authentication and key-derivation in the second generation (2G) North American IS-41 mobile phone system. In addition, this thesis studies the analysis issues of message authentication codes (MACs) designed using hash functions. With the aim to propose some efficient and secure MAC schemes based on hash functions. This thesis works on three aspects of hash functions: design, cryptanalysis and applications with the following significant contributions: * Proposes a family of variants to the Damgard-Merkle construction called 3CG for better protection against specific and generic attacks. Analysis of the linear variant of 3CG called 3C is presented including its resistance to some of the known attacks on hash functions. * Improves the known cryptanalytical techniques to attack 3C and some other similar designs including a linear variant of GOST, a Russian standard hash function. * Proposes a completely novel approach called Iterated Halving, alternative to the standard block iterated hash function construction. * Analyses provably secure HMAC and NMAC message authentication codes (MACs) based on weaker assumptions than stated in their proofs of security. Proposes an efficient variant for NMAC called NMAC-1 to authenticate short messages. Proposes a variant for NMAC called M-NMAC which offers better protection against the complete key-recovery attacks than NMAC. As well it is shown that M-NMAC with hash functions also resists side-channel attacks against which HMAC and NMAC are vulnerable. Proposes a new MAC scheme called O-NMAC based on hash functions using just one secret key. * Improves the open cryptanalysis of the CAVE algorithm. * Analyses the security and legal implications of the latest collision attacks on the widely used MD5 and SHA-1 hash functions.

cryptography

hash functions

cryptanalysis

design

applications

Merkle-Damgard construction

CAVE

3CG

3C

GOST-L

F-Hash

NMAC

HMAC

O-NMAC

M-NMAC

NMAC-1

iterated halving

digital signatures

side-channel attacks

practical and legal implications