Efficient Secure Electronic Mail Protocols with Forward Secrecy

Hsu, Hsing

07 September 2007

In 1976, Diffie and Hellman proposed the concept of public key cryptosystem (PKC). The application and research of public key cryptography are arisen in the modern cryptography. In 2005, Sun, Hsieh, and Hwang (S.H.H.) proposed an electronic mail protocol based on classic public key cryptography. The technique of the Certificate of Encrypted Message Being a Signature (CEMBS) that Bao proposed in 1998 is applied on session key sharing of their e-mail system. In the same year, Dent pointed out that the first one of S.H.H.¡¦s e-mail protocols cannot suffice the property of forward secrecy. Thus, Kim, Koo, and Lee (K.K.L.) proposed two e-mail protocols based on signcryption concept which is proposed by Zheng in 1997 to overcome the flaw of S.H.H.¡¦s e-mail protocol in 2006. Lin, Lin, and Wang (L.L.W.) pointed out that the second one of S.H.H.¡¦s protocols cannot achieve forward secrecy and then they improved the protocol. In 2007, Yoon and Yoo claimed that the second one of K.K.L.¡¦s protocols is still vulnerable to two possible forgery attacks. In this thesis, we will make deep discussions about secure e-mail protocols based on PKC with providing the property of forward secrecy and then build a novel e-mail protocol to withstand the above attacks. Our proposed e-mail protocol can achieve the properties of authentication, confidentiality, integrity, non-repudiation and forward secrecy.

Forward Secrecy

Signcryption

Authentication

Electronic Mail Protocols

Key Agreement

Public Keys

Kungsgärdets sjukhus : En problematisk arkivbildare

Rudberg, Petra

January 2011

Kungsgärdets sjukhus got its name the fouth of january 1965 and is still in use today. In 1981 the hospital and became merged into Uppsala Västra sjukvårdsdistrikt and stopped being a independet fonds. Predecessor to Kungsgärdets sjukhus was Centralepidemisjukhuset, more specific its Longterm care after the Infektionskliniken had moved to Akademiska sjukhuset the first of september 1965. In the Kungsgärdets sjukhus material of archive several diffrent fonds are included: Tunåsens sjukhus, Wattholma sjukhem, Östra paviljongen and Landstingets verkstäder. Geriatriska klinik is also included in Kungsgärdets sjukhus, however it is not a fonds but a ward. However all this makes it very difficult to establish the provenance of Kungsgärdets sjukhus, because it is impossible to know how all these fonds and its material of archive affects Kungsgärdets sjukhus as a fonds specially since the other fonds have not been organized and catalogued, and There for it is difficult to know were the provenance and the truth of Kungsgärdets sjukhus is. Kungsgärdets sjukhus arrived at Landstingsarkivet in Uppsala län together with several other fonds at different times. The material of archive for Kungsgärdets sjukhus existed originally of 12 running metres, but afterwards it was down to 7,5 running metres. The material och archive existed of bound of books but mostly of folders. The material of archive was well-assorted which made the organizing and cataloguing relativly easy.

Hospital

Long-term care

County councils

Catalogue

Provenance

Secrecy

Sjukhus

Långtidsvård

Landsting

Förteckningar

Proveniens

Sekretess

Results On Some Authentication Codes

Kurtaran Ozbudak, Elif

01 February 2009

In this thesis we study a class of authentication codes with secrecy. We obtain the maximum success probability of the impersonation attack and the maximum success probability of the substitution attack on these authentication codes with secrecy. Moreover we determine the level of secrecy provided by these authentication codes. Our methods are based on the theory of algebraic function fields over finite fields. We study a certain class of algebraic function fields over finite fields related to this class of authentication codes. We also determine the number of rational places of this class of algebraic function fields.

QA Algebra 150-272.5

Secrets And Revelations: An Ethnographic Study Of The Nusayri Community In The Karaduvar District Of Mersin

Erdem, Muharrem

01 September 2010

The main aim of this thesis is to present an ethnographic study of the Nusayri community in the Karaduvar district of Mersin to examine how it negotiates maintaining religious teachings and practices secret in the process of interacting with other communities and reproducing Nusayri belief. In addition to ethnographic field research in Karaduvar, two virtual communities that Nusayris frequent were studied to examine the negotiations on the revelation of Nusayri esoteric knowledge and secret ritual practices. The ethnographic data were collected during two months of fieldwork in Karaduvar and twelve months of online study of two virtual communities. Research findings show that although the intentional concealing of Nusayri religious knowledge and ritual practices have historically played an important role in the survival of the Nusayri community and belief, partial revelation of secrets are becoming more common and acceptable. Both the internal dynamics of the Nusayri community and the socio-political context in Turkey have contributed to this process. The result of the continuous negotiations among Nusayri sheikhs and followers is that while social secrecy is increasingly revealed, esoteric secrecy is maintained to a large extent. The dosclosure of secrecy is particularly supported by younger generations, university graduates, Nusayri intelligentsia, and those Nusayris who live outside of their hometown.

HM General Sociology 1-299

One-Round Mutual Authentication Mechanism Based on Symmetric-Key Cryptosystems with Forward Secrecy and Location Privacy for Wireless Networks

Cheng, Yen-hung

12 August 2009

In recent years, the development of mobile networks is thriving or flourishing from 2G GSM, 2.5G GPRS, 3G UMTS to All-IP 4G, which integrates all heterogeneous networks and becomes mature and popular nowadays. Using mobile devices for voice transferring and multimedia sharing is also a part of our life. Mobile networks provide us an efficient way to exchange messages easily. However, these messages often contain critical personal data or private information. Transferring these messages freely in mobile network is dangerous since they can be eavesdropped easily by malicious mobile users for some illegal purposes, such as committing a crime. Hence, to avoid the exposure of the transmitted messages, robust security mechanisms are required. In this thesis, we will propose a one-round mutual authentication protocol which is computation and communication efficient and secure such that the privacy of mobile users¡¦ identities and the confidentiality of their transmitted data are guaranteed. In computation complexity, the protocol only employs symmetric encryption and hash-mac functions. Due to the possession of forward secrecy, the past encrypted messages are secure, even under the exposure of long-term keys. Furthermore, our scheme achieves the goal of user privacy and location privacy by changing TMSI in every session. Therefore, the third party cannot link two different sessions by eavesdropping the communication. Finally, our scheme also can prevent false base attacks which make use of a powerful base station to redirect mobile users¡¦ messages to a fake base station to obtain certain advantages.

Forward Secrecy

UMTS

False Base Attacks

Mobile Networks

Location Privacy

Mutual Authentication

An EAP Method with Biometrics Privacy Preserving in IEEE 802.11 Wireless LANs

Chen, Yung-Chih

15 August 2009

It is necessary to authenticate users when they want to access services in WLANs. Extensible Authentication Protocol (EAP) is an authentication framework widely used in WLANs. Authentication mechanisms built on EAP are called EAP methods. The requirements for EAP methods in WLAN authentication have been defined in RFC 4017. Besides, low computation cost and forward secrecy, excluded in RFC 4017, are noticeable requirements in WLAN authentication. However, all EAP methods and authentication schemes designed for WLANs so far do not satisfy all of the above requirements. Therefore, we will propose an EAP method which utilizes three factors, stored secrets, passwords, and biometrics, to verify users. Our proposed method fully satisfies 1) the requirements of RFC 4017, 2) forward secrecy, and 3) lightweight computation. Moreover, the privacy of biometrics is protected against the authentication server, and the server can flexibly decide whether passwords and biometrics are verified in each round or not.

Extensible Authentication Protocol (EAP)

Lightweight Computation

Wireless Local Area Networks (WLANs)

Three-Factor Authentication

Forward Secrecy

Information Security in Home Healthcare

Åhlfeldt, Rose-mharie

January 2001

<p>Healthcare is very information-intensive. Hence, it has become necessary to use the support of computers in order to efficiently improve such an information-intensive organisation.</p><p>This thesis points out deficiencies in the area of information security in home healthcare regarding personal integrity and secrecy. Home healthcare is, in Sweden, performed by the municipalities. The work is based on the recommendations and common advice for processing of personal data compiled by the Data Inspection Board. Two municipalities in the Västra Götaland Region have been investigated. One of the municipalities has a manual system and the other has a computerized system for personal data management.</p><p>The work includes a field study where persons from both municipalities have been observed. It also includes interviews based on the comprehensive questions from the Data Inspection Board and questions arisen from the observations.</p><p>The work shows that a very clear need of training among personnel involved in home healthcare. It also shows the need for elaborate security measures including levels on access profiles. A weak point concerning security is also the heavy use of facsimile transmission for information distribution.</p>

Information security

home healthcare

healthcare informatics

personal integrity

secrecy

Computer and systems science

Data- och systemvetenskap

Samverkan och sekretess : en rättsvetenskaplig studie av myndigheters informationsutbyte vid olyckor och extraordinära händelser / Agency cooperation and official secrecy : a legal study on exchange of information between authorities in accidents and extraordinary events

Karlsson, Rikard

January 2015

Cooperation between authorities is of great importance for effective crisis management. A new crisis management system was introduced in Sweden in 2002 to enhance the ability of public authorities to manage accidents and extraordinary events. It expects authorities to cooperate with each other both before and while dealing with such situations. An important aspect of this cooperation is the exchange of information, which is hampered when authorities are obliged to observe secrecy rules even if this limits their ability to manage accidents and extraordinary events. It may be said, therefore, that the legislation governing the exchange of information by authorities, chiefly the Public Access to Information and Secrecy Act (2009:400), is essentially at variance with the rules that require cooperation. The thesis analyses legal requirements on authorities to cooperate and exchange information when dealing with accidents and extraordinary events and how these requirements relate to secrecy rules. The study does not merely examine the legal requirements placed on authorities to cooperate and exchange information and to observe secrecy rules when dealing with accidents and extraordinary events; it also undertakes a critical analysis of the current legislation, with the aim of identifying deficiencies and ambiguities, taking as its criteria that good legislation should be clear, coherent and well-balanced. Since the thesis shows that there are deficiencies in the legislation, it also suggests improvements and alternative forms of regulation.

administrative law

agency cooperation

civil protection

crisis management

legislation

national security

official secrecy

privacy

security

La confidentialité des résultats des tests génétiques : les droits des membres de la famille et les obligations des professionnels de la santé : une étude comparée Québec / France

Fecteau, Claudine

09 1900

L'information génétique, de manière intrinsèque, concerne non seulement un individu, mais également les personnes qui lui sont liées par le sang. Dans l'hypothèse où une personne refusait de communiquer des informations cruciales pour la santé des membres de sa famille, les professionnels de la santé qui détiennent ces renseignements pourraient se retrouver confrontés à un dilemme, soit le choix entre le respect de la confidentialité ou la communication des infonnations pertinentes dans l'intérêt de la famille. Ce mémoire propose une analyse des règles régissant la confidentialité des résultats des tests génétiques en regard des droits des membres de la famille et des obligations des professionnels de la santé. Une analyse comparative entre le droit québécois et français est effectuée. La législation portant sur la confidentialité est essentiellement fondée sur la protection des droits individuels. Des exceptions législatives sont toutefois prévues dans l'intérêt de certains membres de la famille, mais elles s'adressent uniquement à la famille biologique. La notion de famille est ainsi restreinte spécifiquement dans le cadre de la génétique. Le bris de la confidentialité ne semble pas la solution optimale pour résoudre le conflit entre les droits de la personne concernée et ceux de sa famille et n'est d'ailleurs pas envisagé par les systèmes juridiques québécois et français. Les professionnels de la santé doivent alors mettre l'accent sur l'information et le dialogue avec le patient, ce qui est davantage garant de la protection des droits de toutes les personnes en cause. / Genetic information, by its very nature, concerns not only the individual, but also the persons related to him by blood. Where an individual refuses to share genetic information crucial to the health of his family members, health professionals who hold such information are faced with a dilemma: they must choose between respecting confidentiality and communicating in the interest of family members. This thesis analyses the rules governing the confidentiality of genetic test results with regards to the rights of family members and the obligations of health professionals. A comparative analysis between the laws of Québec and France is undertaken. Legislation dealing with confidentiality is essentiatly based on the protection of the rights of individuals. Legislative exceptions are nevertheless provided in the interest of certain family members, but they are directed only to the biological family. The concept of "family" is thus restricted in the context of the confidentiality of genetic information. Disregarding confidentiality is not the best solution to the conflict between the rights of the person concerned and of those of his family, and such a solution is not contemplated either in Québec or in France. Health professionals must therefore place emphasis on informing the patient, a solution which offers great protection of the rights of all concemed. / "Mémoire présenté à la Faculté des études supérieures en vue de l'obtention du grade de maître en droit LL.M.". Ce mémoire a été accepté à l'unanimité et classé parmi les 15% des mémoires de la discipline. Commentaires du jury : "Mémoire de très bonne tenue. Exposé clair et synthétique. Approche relativement classique. Texte fort bien écrit."

Famille

Information génétique

Confidentialité

Secret professionnel

Family

Genetic infonnation

Confidentiality

Professional secrecy

Viešumo principas ir ikiteisminis tyrimas: teorija ir praktika / Publicity Principle and Pretrial Investigation: Theory and Practice

Pocius, Eugenijus

28 December 2006

Fundamental notions: Publicity principle, Pretrial investigation, The secrecy of the data of pretrial investigation. The content of publicity principle in penal code has been analyzed applying the methods of data analysis, comparison and classified analysis, and the place of the content in the system of the other principles of penal code has been assessed. The standards of penal code of the Republic of Lithuania regulating the run of publicity principle in pretrial investigation have also been analyzed. The content of the above mentioned standards has been revealed analyzing the practice of European Court of Human Rights and the Constitutional Court of the Republic of Lithuania. The conception of publicity principle and its place in the system of penal code is presented in the work; hereinafter the possibilities of participants and people who are uninterested in the result of criminal process are analyzed. The Constitution of the Republic of Lithuania consolidates the principles of free speech and other principles of democratic states, which guarantee the right to get information about all events and processes, including the investigation of criminal act and at the same time to enable the control of these processes and to influence them. The Law on Criminal Process of the Republic of Lithuania consolidates the attitude that the data of pretrial investigation cannot be declared. The secrecy of the data like the right to free speech cannot be considered as absolute value... [to full text]

Law

Viešumo principas

Ikiteisminio tyrimo duomenų paslaptis

Publicity principle

Ikiteisminis tyrimas