Spelling suggestions: "subject:"cublic key infrastructure"" "subject:"bublic key infrastructure""
61 |
Efficient, Scalable and Secure Vehicular Communication System : An Experimental StudySingh, Shubhanker January 2020 (has links)
Awareness of vehicles’ surrounding conditions is important in today’s intelligent transportation system. A wide range of effort has been put in to deploy Vehicular Communication (VC) systems to make driving conditions safer and more efficient. Vehicles are aware of their surroundings with the help of authenticated safety beacons in VC systems. Since vehicles act according to the information conveyed by such beacons, verification of beacons plays an important role in becoming aware of and predicting the status of the sender vehicle. The idea of implementing secure mechanisms to deal with a high rate of incoming beacons and processing them with high efficiency becomes a very important part of the whole VC network. The goal of this work was to implement a scheme that deals with a high rate of the incoming beacon, preserve non-repudiation of the accepted messages which contains information about the current and near-future status of the sender vehicle, and at the same time keep the computation overhead as low as possible. Along with this, maintaining user privacy from a legal point of view as well as from a technical perspective by implementing privacy-enhancing technologies. These objectives were achieved by the introduction of Timed Efficient Stream Loss-Tolerant Authentication (TESLA), periodic signature verification, and cooperative verification respectively. Four different scenarios were implemented and evaluated, starting and building upon the baseline approach. Each approach addressed the problems that were aimed at this work and results show improved scalability and efficiency with the introduction of TESLA, periodic signature verification, and cooperative verification. / Medvetenheten om fordons omgivande förhållanden är viktig i dagens intelligenta transportsystem. Ett stort antal ansträngningar har lagts ned för att distribuera VC system för att göra körförhållandena säkrare och effektivare. Fordon är medvetna om sin omgivning med hjälp av autentiserade säkerhetsfyrar i VC system. Eftersom fordon agerar enligt den information som förmedlas av sådana fyrar, spelar verifiering av fyrar en viktig roll för att bli medveten om och förutsäga avsändarfordonets status. Idén att implementera säkra mekanismer för att hantera en hög frekvens av inkommande fyrar och bearbeta dem med hög effektivitet blir en mycket viktig del av hela VC nätverket. Målet med detta arbete var att implementera ett schema som behandlar en hög hastighet för det inkommande fyren, bevara icke-förkastelse av de accepterade meddelandena som innehåller information om den aktuella och närmaste framtida statusen för avsändarfordonet och samtidigt håll beräkningen så låg som möjligt. Tillsammans med detta upprätthåller användarnas integritet ur juridisk synvinkel såväl som ur ett tekniskt perspektiv genom att implementera integritetsförbättrande teknik. Dessa mål uppnåddes genom införandet av TESLA, periodisk signatur verifiering respektive samarbets verifiering. Fyra olika scenarier implementerades och utvärderades med utgångspunkt från baslinjemetoden. Varje tillvägagångssätt tog upp de problem som riktades mot detta arbete och resultaten visar förbättrad skalbarhet och effektivitet med införandet av TESLA, periodisk signatur verifiering och samarbets verifiering.
|
62 |
Enhancing Security, Privacy, and Efficiency of Vehicular NetworksAl-Shareeda, Sarah Yaseen Abdulrazzaq 07 December 2017 (has links)
No description available.
|
63 |
Elektroninio parašo atributų sertifikavimas / Certification of electronic signature attributesLozda, Marius 27 June 2014 (has links)
Darbe nagrinėjama atributinės informacijos sertifikavimo šiuo metu naudojamuose elektroniniuse parašuose problema. Trumpai apžvelgiami elektroninio parašo principai ir supažindinama su viešųjų raktų infrastruktūra, nurodant galimybes jai išplėsti, iškilus poreikiui užtikrinti aukštesnį saugumo lygį keičiantis papildoma (atributine) informacija. Nagrinėjami įvairūs atributinės informacijos sertifikavimo metodai, viešųjų raktų infrastruktūroje įvedant atributų sertifikato ir atributų sertifikavimo centro sąvokas. Pateikiamas tinkamiausio metodo pritaikymo pavyzdys, modeliuojant elektroninio parašo naudojimo situaciją, artimą dabartinei situacijai Lietuvoje. Sprendimo pritaikymas demonstruojamas apibrėžiant patobulintos elektroninio parašo infrastruktūros prototipą. / This paper analyses issues of attribute certification in currently used electronic signatures. Fundamentals of electronic signatures and public key infrastructure are briefly described, focusing on possibilities of achieving higher security level in communication when attribute information is important. Various suggestions for attribute certification are analysed, introducing atribute certificates and atribute authorities. Different certification methods are compared and evaluated, applying the most suitable one in the public key infrastructure usage model, that is constructed by simplifying the current situation of electronic signatures. The solution is represented by describing the prototype of improved electronic signature infrastructure.
|
64 |
The threat of cyberterrorism: Contemporary consequences and prescriptionsStocking, Galen Asher Thomas 01 January 2004 (has links)
This study researches the varying threats that emanate from terrorists who carry their activity into the online arena. It examines several elements of this threat, including virtual to virtual attacks and threats to critical infrastructure that can be traced to online sources. It then reports on the methods that terrorists employ in using information technology such as the internet for propaganda and other communication purposes. It discusses how the United States government has responded to these problems, and concludes with recommendations for best practices.
|
65 |
On the security of authentication protocols on the web / La sécurité des protocoles d’authentification sur leWebDelignat-Lavaud, Antoine 14 March 2016 (has links)
Est-il possible de démontrer un théorème prouvant que l’accès aux données confidentielles d’un utilisateur d’un service Web (tel que GMail) nécessite la connaissance de son mot de passe, en supposant certaines hypothèses sur ce qu’un attaquant est incapable de faire (par exemple, casser des primitives cryptographiques ou accéder directement aux bases de données de Google), sans toutefois le restreindre au point d’exclure des attaques possibles en pratique?Il existe plusieurs facteurs spécifiques aux protocoles du Web qui rendent impossible une application directe des méthodes et outils existants issus du domaine de l’analyse des protocoles cryptographiques.Tout d’abord, les capacités d’un attaquant sur le Web vont largement au-delà de la simple manipulation des messages échangés entre le client et le serveur sur le réseau. Par exemple, il est tout à fait possible (et même fréquent en pratique) que l’utilisateur ait dans son navigateur un onglet contenant un site contrôlé par l’adversaire pendant qu’il se connecte à sa messagerie (par exemple, via une bannière publicitaire) ; cet onglet est, comme n’importe quel autre site, capable de provoquer l’envoi de requêtes arbitraires vers le serveur de GMail, bien que la politique d’isolation des pages du navigateur empêche la lecture directe de la réponse à ces requêtes. De plus, la procédure pour se connecter à GMail implique un empilement complexe de protocoles : tout d’abord, un canal chiffré, et dont le serveur est authentifié, est établi avec le protocole TLS ; puis, une session HTTP est créée en utilisant un cookie ; enfin, le navigateur exécute le code JavaScript retourné par le client, qui se charge de demander son mot de passe à l’utilisateur.Enfin, même en imaginant que la conception de ce système soit sûre, il suffit d’une erreur minime de programmation (par exemple, une simple instruction goto mal placée) pour que la sécurité de l’ensemble de l’édifice s’effondre.Le but de cette thèse est de bâtir un ensemble d’outils et de librairies permettant de programmer et d’analyser formellement de manière compositionelle la sécurité d’applicationsWeb confrontées à un modère plausible des capacités actuelles d’un attaquant sur le Web. Dans cette optique, nous étudions la conception des divers protocoles utilisés à chaque niveau de l’infrastructure du Web (TLS, X.509, HTTP, HTML, JavaScript) et évaluons leurs compositions respectives. Nous nous intéressons aussi aux implémentations existantes et en créons de nouvelles que nous prouvons correctes afin de servir de référence lors de comparaisons. Nos travaux mettent au jour un grand nombre de vulnérabilités aussi bien dans les protocoles que dans leurs implémentations, ainsi que dans les navigateurs, serveurs, et sites internet ; plusieurs de ces failles ont été reconnues d’importance critiques. Enfin, ces découvertes ont eu une influence sur les versions actuelles et futures du protocole TLS. / As ever more private user data gets stored on the Web, ensuring proper protection of this data (in particular when it transits through untrusted networks, or when it is accessed by the user from her browser) becomes increasingly critical. However, in order to formally prove that, for instance, email from GMail can only be accessed by knowing the user’s password, assuming some reasonable set of assumptions about what an attacker cannot do (e.g. he cannot break AES encryption), one must precisely understand the security properties of many complex protocols and standards (including DNS, TLS, X.509, HTTP, HTML,JavaScript), and more importantly, the composite security goals of the complete Web stack.In addition to this compositional security challenge, onemust account for the powerful additional attacker capabilities that are specific to the Web, besides the usual tampering of network messages. For instance, a user may browse a malicious pages while keeping an active GMail session in a tab; this page is allowed to trigger arbitrary, implicitly authenticated requests to GMail using JavaScript (even though the isolation policy of the browser may prevent it from reading the response). An attacker may also inject himself into honest page (for instance, as a malicious advertising script, or exploiting a data sanitization flaw), get the user to click bad links, or try to impersonate other pages.Besides the attacker, the protocols and applications are themselves a lot more complex than typical examples from the protocol analysis literature. Logging into GMail already requires multiple TLS sessions and HTTP requests between (at least) three principals, representing dozens of atomic messages. Hence, ad hoc models and hand written proofs do not scale to the complexity of Web protocols, mandating the use of advanced verification automation and modeling tools.Lastly, even assuming that the design of GMail is indeed secure against such an attacker, any single programming bug may completely undermine the security of the whole system. Therefore, in addition to modeling protocols based on their specification, it is necessary to evaluate implementations in order to achieve practical security.The goal of this thesis is to develop new tools and methods that can serve as the foundation towards an extensive compositional Web security analysis framework that could be used to implement and formally verify applications against a reasonably extensive model of attacker capabilities on the Web. To this end, we investigate the design of Web protocols at various levels (TLS, HTTP, HTML, JavaScript) and evaluate their composition using a broad range of formal methods, including symbolic protocol models, type systems, model extraction, and type-based program verification. We also analyze current implementations and develop some new verified versions to run tests against. We uncover a broad range of vulnerabilities in protocols and their implementations, and propose countermeasures that we formally verify, some of which have been implemented in browsers and by various websites. For instance, the Triple Handshake attack we discovered required a protocol fix (RFC 7627), and influenced the design of the new version 1.3 of the TLS protocol.
|
66 |
Studying the Opportunities of Blockchain Implementations in Electronic Transactions compared to the eIDAS Regulations / Undersöka möjligheterna för blockchain implementationer i elektroniska transaktioner jämfört med eIDAS regulationenHansson, Hanna January 2022 (has links)
The electronic identification regulation, eIDAS, and its trusted service providers are currently based on technologies that have been used for decades. The eIDAS and many others in the security industry have shown interest in newer technologies such as distributed ledgers and blockchain. This research looks into the current eIDAS regulation, its plans for future work, and how the current trusted systems could benefit from introducing blockchain into the solutions. Looking at new technologies is of importance to move forward but also making solutions more secure for the user with for example Self-Sovereign Identity solutions. The research was conducted through a literature review followed by interviews. A number of themes were identified to answer the research question. The findings were that blockchain is a viable technology to use but only if used in the right cases. A better understanding and knowledge of the technology is needed for new implementation to succeed and should not be rushed due to the hype of blockchain technology. / Se bif. fil
|
67 |
政府採購入口網站功能架構與關鍵成功因素之研究 / A Study of the functional architecture and Key Success Factors for the Government Electronic Procurement Portal Website陳冠竹 Unknown Date (has links)
政府入口網站含蓋了眾多提供公共服務的網站,讓民眾或企業進行相關業務的辦理、資訊的查詢以及進行交易等行為。全國或是全球需要使用到政府服務,例如政府採購等之使用者皆是政府入口網站之服務對象。因此政府網站在資料流量含量方面較之於一般商業網站更為可觀,亦包含了電子商務性質。在此狀況下,政府角色亦已逐漸從管制調適為服務。就政府體策略或執行計畫而言,實施知識管理除可使行政單位的工作效率提昇,行政流程時間縮短,更可避免重覆錯誤及誤判訊息之可能。
本研究主要以行政院公共工程委員會目前所推行之『政府採購電子化』計畫為研究對象,冀於對未來五年能達到政府採購作業全面電子化提出建議。本研究之目標係分析研擬「政府電子採購入口網站」之關鍵成功因素,從而由「政府採購電子化」計畫現行系統歸納出具綜效之整合型「政府電子採購入口網站」功能架構,其工作內容如下:
1. 歸納、分析現行各系統及政府採購法推動之問題。
2. 瞭解國內政府入口網站之推動情形,分析企業資訊入口網站解決方案現況。
3. 利用分析層級程序法(Analytic Hierarchy Process,簡稱AHP)歸納出三分類專家,包括工程會內部專家、公部門專家、產業界及學界專家所認為的「政府電子採購入口網站」之關鍵成功因素,同時也分析資訊職務與非資訊職務專家觀點之相異點。
4. 根據歸納出來之關鍵成功因素與內部需求,提出具建設性之「政府電子採購入口網站」功能架構雛形,建議工程會推動「政府採購入口網站」提供之功能依據。
本研究AHP法研究結果如下:
1. 本研究中之各類專家一般認為內在因素比外在環境因素之權重大。
2. 第三層關鍵成功因素包括知識管理機制之健全化、政策及法制配合度、使用者服務機制、資訊系統與營運。整體而言,工程會內部專家與產業界及學界專家兩類專家較重視政策及法制配合度構面因素,而公部門專家比較重視資訊系統與營運構面因素。資訊職務專家較重視政策及法制配合度構面因素,非資訊職務專家比較重視資訊系統與營運構面因素。
3. 整體最底層關鍵成功因素排名前七項分別為高階長官的參與和支持並訂定明確的目標、即時配合實際狀況,修正、鬆綁法規、充裕的資源配合、提昇法令約束力之效力、提供快速回應問題之機制、介面具親和力、操作流程循序簡單、提供高度的可靠性與穩定性。
本研究最後逐一對專家深入訪談、工程會需求訪談、企業資訊入口網站解決方案及關鍵成功因素AHP之分析等結果提出結論與建議。 / An e-Government Portal should integrates numerous websites that offer public service, and provides individuals or enterprises with a platform for trafficking, searching information, and conducting transactions. Thus, all the users, that need to access government service and government procurement information, are potential customers of the e-Government Portal website. Hence, the e-Government Portal website, with e-Commerce quality, has more enormous data flow and database contents in comparison with simple e-Commerce sites. Last but not least, the role of e-Government Portal website is turned gradually into a service provider from its simple transition role of inspection.
From government's strategic aspect, actions regarding knowledge management can not only improve the efficiency and streamline the administrative procedures, but also avoid the crisis of repeating failures and misleadings of messages.
The object of this research is the Electronic Procurement Plan, which was established and promoted by the Public Construction Commission (PCC) of The Executive Yuan, R.O.C. The goal of the Electronic Procurement Plan is to accomplish the electronic commerce of the government procurement entirely in five years. This study aims to find out the critical success factors (CSF) for the Government Electronic Procurement Portal Website, and to carry out a functional architecture for the synergic Government Electronic Procurement Portal Website via the following working packages :
1. to analyze and formulate the problems of promoting the electronic government procurement system and the government procurement law.
2. to discuss the ongoing domestic promotion programs of the e-Government Portal websites and analyze the status quo cases of the Enterprise Information Portal (EIP) solution.
3. to analyze and compare the critical success factors of the Government Electronic Procurement Portal Website of various expert viewpoints through Analytic Hierarchy Process (AHP) method. The experts come from the PCC internal public servants, public servants from other government agencies as well as industrialists and scholars. On the other hand, the different viewpoints between the IT background experts and non-IT background experts are also compared.
4. to summarize constitutive functional architecture for the Government Electronic Procurement Portal Website according to the resulted CSF and the PCC internal requirements.
The results of AHP analysis can be stated as following:
1. The internal factors outweigh external factors.
2. The third-level of factors of AHP architecture includes the solidity of knowledge management, the compatibility of policies and laws, the user service mechanism and the information systems and operations. Generally, the PCC internal public servants, industrialists and scholars pay more attention to the compatibility of policies and laws than the other public servants that put a lot of emphasis on the information systems and operations. The IT background experts value the compatibility of policies and laws, whereas the non-IT background experts emphasize the information systems and operations.
3. The top seven priority factors of the rock-bottom level factors include the involvements and endorsements of the top executives and establish the clear goals, the instantaneous emendation and relaxation of the laws, the compatibility of abundant resource, the effectiveness of promoting the law's constraint force, friendly interface and easily sequential operation flow and high reliability and stability.
At last, this research leads to the conclusions and suggestions in regard to in-depth experts interviews,PCC internal requirement investigations, EIP solutions and the AHP CSF analysis.
|
68 |
Secure Digital Provenance: Challenges and a New DesignRangwala, Mohammed M. January 2014 (has links)
Indiana University-Purdue University Indianapolis (IUPUI) / Derived from the field of art curation, digital provenance is an unforgeable record of a digital object's chain of successive custody and sequence of operations performed on the object. It plays an important role in accessing the trustworthiness of the object, verifying its reliability and conducting audit trails of its lineage. Digital provenance forms an immutable directed acyclic graph (DAG) structure. Since history of an object cannot be changed, once a provenance chain has been created it must be protected in order to guarantee its reliability. Provenance can face attacks against the integrity of records and the confidentiality of user information, making security an important trait required for digital provenance. The digital object and its associated provenance can have different security requirements, and this makes the security of provenance different from that of traditional data.
Research on digital provenance has primarily focused on provenance generation, storage and management frameworks in different fields. Security of digital provenance has also gained attention in recent years, particularly as more and more data is migrated in cloud environments which are distributed and are not under the complete control of data owners. However, there still lacks a viable secure digital provenance scheme which can provide comprehensive security for digital provenance, particularly for generic and dynamic ones. In this work, we address two important aspects of secure digital provenance that have not been investigated thoroughly in existing works: 1) capturing the DAG structure of provenance and 2) supporting dynamic information sharing. We propose a scheme that uses signature-based mutual agreements between successive users to clearly delineate the transition of responsibility of the digital object as it is passed along the chain of users. In addition to preserving the properties of confidentiality, immutability and availability for a digital provenance chain, it supports the representation of DAG structures of provenance. Our scheme supports dynamic information sharing scenarios where the sequence of users who have custody of the document is not predetermined. Security analysis and empirical results indicate that our scheme improves the security of the typical secure provenance schemes with comparable performance.
|
69 |
Smart card fault attacks on public key and elliptic curve cryptographyLing, Jie January 2014 (has links)
Indiana University-Purdue University Indianapolis (IUPUI) / Blömmer, Otto, and Seifert presented a fault attack on elliptic curve scalar multiplication called the Sign Change Attack, which causes a fault that changes the sign of the accumulation point. As the use of a sign bit for an extended integer is highly unlikely, this appears to be a highly selective manipulation of the key stream. In this thesis we describe two plausible fault attacks on a smart card implementation of elliptic curve cryptography. King and Wang designed a new attack called counter fault attack by attacking the scalar multiple of discrete-log cryptosystem. They then successfully generalize this approach to a family of attacks. By implementing King and Wang's scheme on RSA, we successfully attacked RSA keys for a variety of sizes. Further, we generalized the attack model to an attack on any implementation that uses NAF and wNAF key.
|
Page generated in 0.3852 seconds