Databáze specifikací bezpečnostních protokolů / Specifications Database of Security Protocols

Hadaš, Petr

Unknown Date

This paper describes four tools for verification security protocols Athena, Casper, Isabelle and Murphi. Each tool is briefly characterized and implementation of protocol Needham Schroeder. One part of this paper is comparing of selected tools. The second part of this paper describes in detail a tool Athena and mentions examples of verified protocols. By each protocol is stated a specifications of communication, a detected attack and results of own verification. At the end compares this paper verification results with already publicated attacks.

Indicadores de desempenho aplicados à gestão de riscos em cadeias logísticas seguras no comércio exterior. / Performance indicators applied to risk management in safe logistic chains in foreign trade.

Hoeflich, Sergio Luiz

23 April 2018

O presente trabalho de pesquisa apresenta uma metodologia para gestão dos riscos em empresas que atuam cadeia de suprimentos internacional. Apresenta-se um roteiro de analise qualitativa de conformidade e de avaliação qualitativa dos riscos, atendendo aos requisitos da habilitação para a certificação de Operadores Econômicos Autorizados (OEA). A metodologia de gestão de riscos foi modelada a partir de aspectos pertinentes, com os indicadores que são relevantes para os operadores no comércio exterior brasileiro, cujos riscos vão além das operações nas aduanas. O gerenciamento da cadeia de suprimentos e o conceito que encerram os seus riscos foram pesquisados na literatura, em busca modelos de gerenciamento adequados às atividades do OEA. O modelo proposto consiste em uma metodologia de analise quantitativa para a gestão dinâmica dos riscos avançando além dos consagrado método qualitativo de gestão de conformidades. É um instrumento que se presta a atender aos mais variados setores das organizações, que estão comprometidas com a gestão dos seus riscos corporativos. / This research presents a methodology for risk management in companies that operate the international supply chain. A roadmap for qualitative analysis of compliance and qualitative risk assessment is presented, taking into account the requirements of the authorization for the certification of Authorized Economic Operators (AEO). The risk management methodology was modeled on pertinent aspects, with the indicators that are relevant for the operators in the Brazilian foreign trade, whose risks go beyond customs operations. Supply chain management and the concept that curtailed its risks were researched in the literature, in search of management models appropriate to AEO activities. The proposed model consists of a methodology of quantitative analysis for the dynamic management of risks, advancing beyond the established qualitative method of compliance management. It is an instrument that serves the most varied sectors of organizations, which are committed to managing their corporate risks.

Administração de risco

Authorized economic operator

Cadeia de suprimentos

Foreign trade

Indicadores de produtividade

Indicators

Logística

Risk management

Secure logistics chain

Metodologia para a implantação dos processos da cadeia logística segura. / Methodology for implementing secure process in supply chain.

Fontana, Caio Fernando

21 December 2009

A formulação da Metodologia para a Implantação dos Processos da Cadeia Logística Segura visa estabelecer parâmetros e metodologia para aplicação dos diversos conceitos e programas de segurança para o comércio exterior visando o controle de carga que vêm sendo implementados por órgãos de governo e organismos internacionais. Estes programas têm como foco o controle sobre os processos de movimentação de carga, através da utilização de tecnologia aplicada à inspeção não intrusiva de carga, rastreamento e lacres eletrônicos, sistemas de troca eletrônica de informação e da integração sistêmica destes componentes. Desta forma, esta tese busca demonstrar como o modelo proposto impactará nos controles fiscais e aduaneiros bem como na otimização dos fluxos logísticos. O modelo proposto está ancorado nas diretrizes de segurança estabelecidas pela Organização Mundial das Aduanas (OMA) através do SAFE Framework of Standards, pela International Maritime Organization (IMO) através do Código Internacional de Segurança e Proteção a Navios e Instalações Portuárias (ISPS-Code), pelo Governo dos Estados Unidos da América através do Container Security Initiative (CSI) e do Safe Ports Act, pela Secretaria da Receita Federal Brasileira através do Plano Nacional de Segurança Aduaneira (PNSA) da Nota Fiscal Eletrônica (NFe) e Conhecimento de Trânsito Eletrônico (CTe) em conjunto com as Secretarias de Fazenda Estaduais, bem como pelo setor privado quem vêm implementado iniciativas voltadas ao controle e monitoramento de carga através de sistemas de Gerenciamento de Risco e os sistemas de Rastreamento e Lacres Eletrônicos aplicados à cargas e veículos. Para efeito de contextualização será apresentado o processo de importação e exportação, seus aspectos de transporte, armazenagem e manipulação de carga, bem como uma macro visão do fluxo documental e os intervenientes públicos e privados envolvido no processo. A seguir, serão apresentadas as propostas de normatização do processo de cadeia logística segura elaboradas pela Customs-Trade Partnership Against Terrorism (C-TPAT), Business Alliance for Secure Commerce (BASC) e da International Organization for Standardization (ISO) através da ISO 28000 e correlatas. Feitas estas análises e contextualização será formulado o modelo operacional que consiste na proposição de um controle logístico integrado. Esta abordagem tem por objetivo apresentar as diversas características dos fluxos de carga por modal e tipo, ou seja, granel, container e carga geral. Este modelo, se implementado, poderá proporcionar um aumento de produtividade do setor, pois a adoção de medidas de controle de carga exige que o planejamento das operações logísticas seja efetuado, acompanhado e corrigido sempre que necessário. Desta forma, o setor de logística poderá se valer desta ferramenta para o aumento de produtividade e conseqüente redução do Custo Brasil. O modelo de implementação será proposto apoiado em quatro diretrizes: normatização de processos, formulação de um modelo de avaliação contínua de nível de serviço das empresas e do processo, normatização de tecnologia, modelo de acreditação de processo e entidades por modal e/ou área de atuação. Neste trabalho serão detalhados o Modelo de Normatização de Processos e o Sistema de Avaliação de Nível de Serviço. A Normatização Tecnológica e o Modelo de Acreditação serão desenvolvidos em trabalhos futuros. / The development of the Methodology for the Implantation of the Processes of the Safe Logistic Chain aims at to establish parameters and methodology for application of the diverse concepts and programs of security for the foreign commerce being aimed at the load control that come being implemented for agencies of government and international organisms. These programs have as focus the control on the processes of load movement, through the use of technology applied to the not intrusive inspection of load, electronic tracking and sealing waxes, systems of electronic exchange of information and the systemic integration of these components. In such a way, this thesis searchs to demonstrate as the considered model will impact in the fiscal and customs controls as well as in the improvement of the logistic flows. The considered model is anchored in the lines of direction of security established by the Organização Munidal das Aduanas (OMA) through the SAFE Frameworks of Standards through the International Maritime Organization (IMO), through the International Code of Security and Protection the Ships and Port Installations (ISPS-Code), for the Government of the United States of America through Container Security Initiative (CSI) and of Safe Ports Act, for the Secretariat of the Brazilian Federal Prescription through the Plano Nacional de Segurança Aduaneira (PNSA) of Nota Fiscal Eletrônica (NFe) and Conhecimento de Trânsito Eletrônico (CTe) in set with the Secretarias de Fazenda Estaduais, as well as for the private sector who they come implemented initiatives directed to the control and monitorial of load through systems of Management of Risk and the systems of Tracking and Electronic Sealing waxes applied to loads and vehicles. For context effect, it will be presented the process of importation and exportation, its aspects of transport, load storage and manipulation, as well as a macro vision of the documentary flow and the intervening private public and involved in the process. To follow the proposals of regularization of the logistic process of chain will be presented insurance elaborated by Customs-Trade Partnership Against Terrorism (C-TPAT), Business Alliance will be Secure Commerce (BASC) and of the International Organization for Standardization (ISO) through the ISO 28000 and correlates. The operational model that will be formulated consists of the proposal of an integrated logistic control. This boarding has for objective to present the diverse characteristics of the modal load flows and type, that is granary, container and general load. The implementation of this model will provide to an increase of productivity of the sector therefore the adoption of measures of load control demands that the planning of the logistic operations is effected, followed and corrected whenever necessary. In such a way the sector of logistic could use this tool for the increase of productivity and consequence reduction of what is called as Custo Brasil. The implementation model will be formulated supported in four pillars: regularization of processes, regularization of technology, formularization of a model of Acreditação of modal process and entities for and/or area of performance and the formularization of a model of continuous evaluation of level of service of the companies and the process.

Automação de processos

Cadeia logística segura

Logistic systems

Process automation

Secure supply chain

Security

Segurança

Sistemas logísticos

Transportation

Transportes

Authentification d'objets à distance / Remote object authentication protocols

Lancrenon, Jean

22 June 2011

Cette thèse est consacrée à la description et à l'étude de la sécurité de divers protocoles destinés à faire de l'authentification d'objets physiques à distance à base de comparaison de vecteurs binaires. L'objectif des protocoles proposés est de pouvoir réaliser une authentification en garantissant d'une part que les informations envoyées et reçues par le lecteur n'ont pas été manipulées par un adversaire extérieur et d'autre part sans révéler l'identité de l'objet testé à un tel adversaire, ou même, modulo certaines hypothèses raisonnables, aux composantes du système. Nous nous sommes fixés de plus comme objectif d'utiliser des méthodes de cryptographie sur courbe elliptique pour pouvoir profiter des bonnes propriétés de ces dernières, notamment une sécurité accrue par rapport à la taille des clefs utilisées. Nous présentons plusieurs protocoles atteignant l'objectif et établissons pour presque tous une preuve théorique de leur sécurité, grâce notamment à une nouvelle caractérisation d'une notion standard de sécurité. / This thesis is dedicated to the description of several bitrsitring comparison based remote object authentication protocols and the study of their theoretical security. The proposed protocols are designed to carry out the authentication of a given object while simultaneously guaranteeing that the information sent and received by the server cannot be tampered with by outside adversaries and that the identity of the tested object remains hidden from outside and (certain) inside adversaries. Finally it has been our objective to use elliptic curve cryptography, taking advantage of its useful properties, notably a better security level to key-size ratio. We present several protocols reaching these objectives, establishing for almost each protocol a theoretical proof of security using a new characterization of a standard security notion.

Courbe elliptique

Cryptographie

Authentification sécurisée

Morphométrie

Elliptic curve

Cryptography

Private information retrieval

Secure authentication

Morphometric

510

Metodologia para a implantação dos processos da cadeia logística segura. / Methodology for implementing secure process in supply chain.

Caio Fernando Fontana

21 December 2009

A formulação da Metodologia para a Implantação dos Processos da Cadeia Logística Segura visa estabelecer parâmetros e metodologia para aplicação dos diversos conceitos e programas de segurança para o comércio exterior visando o controle de carga que vêm sendo implementados por órgãos de governo e organismos internacionais. Estes programas têm como foco o controle sobre os processos de movimentação de carga, através da utilização de tecnologia aplicada à inspeção não intrusiva de carga, rastreamento e lacres eletrônicos, sistemas de troca eletrônica de informação e da integração sistêmica destes componentes. Desta forma, esta tese busca demonstrar como o modelo proposto impactará nos controles fiscais e aduaneiros bem como na otimização dos fluxos logísticos. O modelo proposto está ancorado nas diretrizes de segurança estabelecidas pela Organização Mundial das Aduanas (OMA) através do SAFE Framework of Standards, pela International Maritime Organization (IMO) através do Código Internacional de Segurança e Proteção a Navios e Instalações Portuárias (ISPS-Code), pelo Governo dos Estados Unidos da América através do Container Security Initiative (CSI) e do Safe Ports Act, pela Secretaria da Receita Federal Brasileira através do Plano Nacional de Segurança Aduaneira (PNSA) da Nota Fiscal Eletrônica (NFe) e Conhecimento de Trânsito Eletrônico (CTe) em conjunto com as Secretarias de Fazenda Estaduais, bem como pelo setor privado quem vêm implementado iniciativas voltadas ao controle e monitoramento de carga através de sistemas de Gerenciamento de Risco e os sistemas de Rastreamento e Lacres Eletrônicos aplicados à cargas e veículos. Para efeito de contextualização será apresentado o processo de importação e exportação, seus aspectos de transporte, armazenagem e manipulação de carga, bem como uma macro visão do fluxo documental e os intervenientes públicos e privados envolvido no processo. A seguir, serão apresentadas as propostas de normatização do processo de cadeia logística segura elaboradas pela Customs-Trade Partnership Against Terrorism (C-TPAT), Business Alliance for Secure Commerce (BASC) e da International Organization for Standardization (ISO) através da ISO 28000 e correlatas. Feitas estas análises e contextualização será formulado o modelo operacional que consiste na proposição de um controle logístico integrado. Esta abordagem tem por objetivo apresentar as diversas características dos fluxos de carga por modal e tipo, ou seja, granel, container e carga geral. Este modelo, se implementado, poderá proporcionar um aumento de produtividade do setor, pois a adoção de medidas de controle de carga exige que o planejamento das operações logísticas seja efetuado, acompanhado e corrigido sempre que necessário. Desta forma, o setor de logística poderá se valer desta ferramenta para o aumento de produtividade e conseqüente redução do Custo Brasil. O modelo de implementação será proposto apoiado em quatro diretrizes: normatização de processos, formulação de um modelo de avaliação contínua de nível de serviço das empresas e do processo, normatização de tecnologia, modelo de acreditação de processo e entidades por modal e/ou área de atuação. Neste trabalho serão detalhados o Modelo de Normatização de Processos e o Sistema de Avaliação de Nível de Serviço. A Normatização Tecnológica e o Modelo de Acreditação serão desenvolvidos em trabalhos futuros. / The development of the Methodology for the Implantation of the Processes of the Safe Logistic Chain aims at to establish parameters and methodology for application of the diverse concepts and programs of security for the foreign commerce being aimed at the load control that come being implemented for agencies of government and international organisms. These programs have as focus the control on the processes of load movement, through the use of technology applied to the not intrusive inspection of load, electronic tracking and sealing waxes, systems of electronic exchange of information and the systemic integration of these components. In such a way, this thesis searchs to demonstrate as the considered model will impact in the fiscal and customs controls as well as in the improvement of the logistic flows. The considered model is anchored in the lines of direction of security established by the Organização Munidal das Aduanas (OMA) through the SAFE Frameworks of Standards through the International Maritime Organization (IMO), through the International Code of Security and Protection the Ships and Port Installations (ISPS-Code), for the Government of the United States of America through Container Security Initiative (CSI) and of Safe Ports Act, for the Secretariat of the Brazilian Federal Prescription through the Plano Nacional de Segurança Aduaneira (PNSA) of Nota Fiscal Eletrônica (NFe) and Conhecimento de Trânsito Eletrônico (CTe) in set with the Secretarias de Fazenda Estaduais, as well as for the private sector who they come implemented initiatives directed to the control and monitorial of load through systems of Management of Risk and the systems of Tracking and Electronic Sealing waxes applied to loads and vehicles. For context effect, it will be presented the process of importation and exportation, its aspects of transport, load storage and manipulation, as well as a macro vision of the documentary flow and the intervening private public and involved in the process. To follow the proposals of regularization of the logistic process of chain will be presented insurance elaborated by Customs-Trade Partnership Against Terrorism (C-TPAT), Business Alliance will be Secure Commerce (BASC) and of the International Organization for Standardization (ISO) through the ISO 28000 and correlates. The operational model that will be formulated consists of the proposal of an integrated logistic control. This boarding has for objective to present the diverse characteristics of the modal load flows and type, that is granary, container and general load. The implementation of this model will provide to an increase of productivity of the sector therefore the adoption of measures of load control demands that the planning of the logistic operations is effected, followed and corrected whenever necessary. In such a way the sector of logistic could use this tool for the increase of productivity and consequence reduction of what is called as Custo Brasil. The implementation model will be formulated supported in four pillars: regularization of processes, regularization of technology, formularization of a model of Acreditação of modal process and entities for and/or area of performance and the formularization of a model of continuous evaluation of level of service of the companies and the process.

Automação de processos

Cadeia logística segura

Segurança

Sistemas logísticos

Transportes

Logistic systems

Process automation

Secure supply chain

Security

Transportation

Indicadores de desempenho aplicados à gestão de riscos em cadeias logísticas seguras no comércio exterior. / Performance indicators applied to risk management in safe logistic chains in foreign trade.

Sergio Luiz Hoeflich

23 April 2018

O presente trabalho de pesquisa apresenta uma metodologia para gestão dos riscos em empresas que atuam cadeia de suprimentos internacional. Apresenta-se um roteiro de analise qualitativa de conformidade e de avaliação qualitativa dos riscos, atendendo aos requisitos da habilitação para a certificação de Operadores Econômicos Autorizados (OEA). A metodologia de gestão de riscos foi modelada a partir de aspectos pertinentes, com os indicadores que são relevantes para os operadores no comércio exterior brasileiro, cujos riscos vão além das operações nas aduanas. O gerenciamento da cadeia de suprimentos e o conceito que encerram os seus riscos foram pesquisados na literatura, em busca modelos de gerenciamento adequados às atividades do OEA. O modelo proposto consiste em uma metodologia de analise quantitativa para a gestão dinâmica dos riscos avançando além dos consagrado método qualitativo de gestão de conformidades. É um instrumento que se presta a atender aos mais variados setores das organizações, que estão comprometidas com a gestão dos seus riscos corporativos. / This research presents a methodology for risk management in companies that operate the international supply chain. A roadmap for qualitative analysis of compliance and qualitative risk assessment is presented, taking into account the requirements of the authorization for the certification of Authorized Economic Operators (AEO). The risk management methodology was modeled on pertinent aspects, with the indicators that are relevant for the operators in the Brazilian foreign trade, whose risks go beyond customs operations. Supply chain management and the concept that curtailed its risks were researched in the literature, in search of management models appropriate to AEO activities. The proposed model consists of a methodology of quantitative analysis for the dynamic management of risks, advancing beyond the established qualitative method of compliance management. It is an instrument that serves the most varied sectors of organizations, which are committed to managing their corporate risks.

Administração de risco

Cadeia de suprimentos

Indicadores de produtividade

Logística

Authorized economic operator

Foreign trade

Indicators

Risk management

Secure logistics chain

Performance analysis of lattice based post-quantum secure cryptography with Java

Johansson, Alexander

January 2019

Efficient quantum computers will break most of today’s public-key cryptosystems. Therefore, the National Institute of Standards and Technology (NIST) calls for proposals to standardise one or more quantum-secure cryptographic schemes. Eventually, banks must adopt the standardised schemes, but little is known about how efficient such an implementation would be in Java, one of the standard programming languages for banks. In this thesis, we test and evaluate a post-quantum secure encryption scheme known as FrodoKEM, which is based on a hard lattice problem known as Learning With Errors (LWE). We found that a post-quantum secure encryption version of FrodoKEM provides strong theoretical security regarding the criteria given by NIST, and is also sufficiently fast for key generation, encryption and decryption. These results imply that it could be possible to implement these types of post-quantum secure algorithms in high-level programming languages such as Java, demonstrating that we no longer are limited to use low-level languages such as C. Consequently, we can easier and cheaper implement post-quantum secure cryptography.

Cryptography

Post-quantum secure cryptography

Lattice-based cryptography

Learning with errors

Java

Other Computer and Information Science

Annan data- och informationsvetenskap

Usable, Secure Content-Based Encryption on the Web

Ruoti, Scott

01 July 2016

Users share private information on the web through a variety of applications, such as email, instant messaging, social media, and document sharing. Unfortunately, recent revelations have shown that not only is users' data at risk from hackers and malicious insiders, but also from government surveillance. This state of affairs motivates the need for users to be able to encrypt their online data.In this dissertation, we explore how to help users encrypt their online data, with a special focus on securing email. First, we explore the design principles that are necessary to create usable, secure email. As part of this exploration, we conduct eight usability studies of eleven different secure email tools including a total of 347 participants. Second, we develop a novel, paired-participant methodology that allows us to test whether a given secure email system can be adopted in a grassroots fashion. Third, we apply our discovered design principles to PGP-based secure email, and demonstrate that these principles are sufficient to create the first PGP-based system that is usable by novices. We have also begun applying the lessons learned from our secure email research more generally to content-based encryption on the web. As part of this effort, we develop MessageGuard, a platform for accelerating research into usable, content-based encryption. Using MessageGuard, we build and evaluate Private Facebook Chat (PFC), a secure instant messaging system that integrates with Facebook Chat. Results from our usability analysis of PFC provided initial evidence that our design principles are also important components to usable, content-based encryption on the Web.

Security

HCI

Usable security

Content-based encryption

Secure email

Webmail

End-to-end encryption

user study

Computer Sciences

基於多方安全計算之算術運算 / Arithmetic operations for secure multi-party computation

蕭名宏, Hsiao, Ming Hung

Unknown Date

資訊安全的研究裡，運用安全多方計算的方法，可使得多方在不洩漏各自私有資訊的條件下完成某種函式的計算。其中一種做法是利用scalar product來當作計算的基礎演算邏輯單元，並進而建構其他更複雜的安全多方計算。 根據目前現有的安全多方運算協定，可再加以定義出一些基本的運算規則，像是一般的程式語言中常用到的變數型態，如整數、浮點數、布林值，我們可定義出安全的秘密資料形態來，並且要能達到算數計算就必須擁有數值處理的能力，如基本的四則運算等，所以提供了相關聯的安全計算協定。根據安全多方計算的運算平台，可具有處理算術計算的能力，使得可處理一般安全計算的問題。 我們並提供一個script轉譯工具，使得使用者可自行撰寫自己的安全多方計算程式，並可利用此工具來自動將使用者寫的程式碼轉成安全多方運算平台可接受的程式碼，如此一來，解決安全多方計算的問題將會變得更為容易。 / Protocols for secure multi-party computation (SMC) allow participants to share a computation while each party learns only what can be inferred from their own inputs and the output of the computation. This thesis concerns the implementation SMC using of a set of information theoretically secure protocols based on scalar product protocol. This main characteristic of this approach is taking the scalar product computation as the basic building, and then use it to construct more complex computation protocols. We developed an SMC implementation framework for both integers and floating numbers which comprises a set of arithmetic operations that manipulate secret values among involved parties using the scalar product protocol as the basis. Such a library of arithmetic operations is call building blocks. Besides, to ease the writing of more complex user-defined protocols, we developed a simple scripting language and a translation tool that converts user script code to SMC code, which is code composed of the building blocks we developed.

安全多方計算

浮點數

轉譯器

Secure Multi-party Computation

floating number

translator

Conception de circuits intégrés autotestables pour des hypothèses de pannes analytiques

Nicolaides, Michel

06 January 1984

Des études récentes montrent que le modèle de collage logique ne convient pas pour représenter les défauts réels qui peuvent survenir dans les circuits intégrés. C'est pourquoi on recherche des méthodes de test basées sur des hypothèses de pannes analytiques. Problème de la conception des circuits autotestables vis-a-vis d'hypothèses de pannes analytiques: méthodes et règles générales pour les circuits fonctionnels N-MOS "fortement garantis contre les fautes" ("strongly fault secure": sfs). Nouveaux codes. Classe des contrôleurs " à codes fortement disjoints" (" strongly code disjoint": scd). Application des méthodes à l'étude d'un microprocesseur mc68000 autotestable.

circuits autotestable

circuits "strongly fault secure

hypothèses de pannes

codes

contrôleurs

conception VLSI

microprocesseurs