Modern Cryptography Research Paper

Submitted By chaitanya653
CS 6903 - Applied Cryptography Lecture 10: Lecture 10, slides 3-15
Speaker: Giovanni Di Crescenzo, Scribe: Chaitanya Bhorade December 13, 2014

Summary:
These are the lecture notes for Lecture 10, slides 3-15, with some additional information by the scribe. The primary focus is on digital signatures and their constructions. The properties of a digital signature are discussed first, followed by some digital signature schemes. Finally, digital signatures in practice are shown to conclude the notes.

1 Introduction

The digital signature is a concept derived from the ordinary handwritten signature, which is used to confirm the origin of a received document. Asymmetric cryptographic techniques are used to determine whether the received document is authentic. In some respects, a digital signature offers more security than a real-life signature, because it is difficult to convert a digital signature for a message m into one that can be used to sign a new message m'. A digital signature for a document is a string of bits derived from the document and the secret key of the signer. The public key is freely available to anyone who wants to verify the signature, whereas the other key, the secret key, is known only to the one authorized to generate the signatures associated with that public key.

2 Properties of Digital Signature

• Integrity: Recipients can be confident that the message has not been accidentally modified.
• Authentication: Recipients can be confident that a message originated from the sender.
• Publicly Verifiable: Along with the recipient, anyone who has the public key provided by the signer can verify the signature's validity.
• Non-repudiation: The signer cannot deny having signed a message.
• Non-repudiation: A signed document held by any recipient can be transferred to anyone, who in turn can verify the original sender's signature.

2.1 Additional properties of a Digital Signature

A signature cannot be used to validate a different document, because a digital signature depends on the specific signed document. Only someone who holds the secret information can create a signature. A document's signature can be validated without knowing the secret information used to create the digital signature. A signature will not be valid for a document that differs from the original document by even one bit.

3 Example of Validating Data Integrity

Figure 1: Digital Signature Scheme used to validate data integrity.

Figure 1 shows two items transferred to the recipient of some signed data: the original data and the digital signature. The digital signature is the one-way hash of the data, encrypted with the signer's private key. To validate the integrity of the data, the receiving side uses the public key to decrypt the hash. It then uses the same hashing algorithm that was used to generate the hash of the original data to compute a second hash. Finally, the two hashes are compared. If they do not match, then the data has been changed, or the public key used for the second hash is faulty or does not have any relation with the original signed document. Basically, the signer (or sender) uses the public key and the secret key to compute a digital signature of the message, and the receiver (or, in the case of digital signatures, anyone who wants to verify validity) uses the public key. The signer decides to reveal the public key up front.

4 Syntax in signature scheme

A digital signature scheme consists of three algorithms (G, S, V) such that:

• The key generation algorithm G is a randomized algorithm that returns a public key PK and a secret key SK; we write $(PK, SK) \xleftarrow{R} G(1^n)$.
• The signing algorithm S is a (possibly) randomized algorithm that takes the secret key SK and a message m and outputs a signature σ; we write $\sigma \xleftarrow{R} S_{SK}(m)$.
• The verification algorithm V is a deterministic algorithm that takes the public key PK, a message m, and a signature σ, and outputs $V_{PK}(m, \sigma) \in \{\text{accept}, \text{reject}\}$.

We require $V_{PK}(m, S_{SK}(m)) = \text{accept}$ for all $(PK, SK) \xleftarrow{R} G(1^n)$ and $m \in \{0, 1\}^*$.

Figure 2: Syntax of Digital Signature Scheme.

Figure 2 is a diagrammatic representation of the syntax of a digital signature scheme.

4.1 Digital Signatures: correctness and security

A. Correctness:
• Vrfy always outputs 1 on inputs returned by KG and Sign.

B. Security:
• Existential unforgeability under adaptive chosen message attack: A signature scheme (G, S, V) is secure if for every PPT A, there is a negligible function such that $\Pr[A^{S_{SK}(\cdot)}(PK)\ \text{forges}] \le (k)\ \ \forall k$, where the probability is taken over $(PK, SK) \xleftarrow{R} G(1^k)$ and the coin tosses of A. "A forges" ≡ A produces a pair $(m, \sigma)$ for which (a) $V_{PK}(m, \sigma) = \text{accept}$, and (b) m is different from all of A's queries to the $S_{SK}$-oracle.

5 Digital Signature Schemes

5.1 Textbook and Hashed RSA Schemes

Correctness holds in the textbook RSA scheme because $e \cdot d \equiv 1 \pmod{\varphi(n)}$, which implies that $s^e \bmod n = m^{ed} \bmod n = m^1 \bmod n = m$. The textbook RSA scheme violates existential unforgeability without a chosen message attack, and also violates universal unforgeability using a chosen message attack. The hashed RSA scheme replaces m with H(m), for a collision-intractable function H, so the attacks on the textbook RSA scheme do not work.

5.2 Lamport's scheme (for 1/n-bit messages)

Theorem: If one-way functions exist, this is a one-time digital signature scheme for 1-bit messages.

Proof: Assume this is not a one-time signature scheme; then there exists an adversary A that queries the signing oracle with bit m, thus obtaining signature s, and then returns a pair (m', s') such that m' ≠ m and s' is a valid signature of m' with some non-negligible probability. Note that because m' ≠ m, s' satisfies $f(s') = y_{1-m}$. This can be used to invert f with the same probability using a proof by reduction.

Theorem: If one-way functions exist, this is a one-time signature scheme for n-bit messages.

Proof: Assume that this is not a one-time signature scheme; then there exists an efficient adversary A that makes 1 query m to the signing oracle, thus obtaining signature s, and then returns a pair (m', s') such that m' ≠ m and s' is a valid signature of m' with some non-negligible probability
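The notes state the theorems without writing the scheme out, so here is a sketch of Lamport's construction for n-bit messages, added as an example and not taken from the lecture. It assumes SHA-256 as the one-way function f and n = 16; all function and class names are hypothetical. It also shows why the scheme is only one-time: a signer that tracks key use, and what two signatures under one key reveal.

```python
import hashlib
import secrets

N_BITS = 16  # message length n (an assumption for this example)


def f(x: bytes) -> bytes:
    """Stand-in for the one-way function f (assumption: SHA-256)."""
    return hashlib.sha256(x).digest()


def bits(m: int) -> list:
    """Bits of an n-bit message, least significant first."""
    if not 0 <= m < 2 ** N_BITS:
        raise ValueError("message must fit in N_BITS bits")
    return [(m >> i) & 1 for i in range(N_BITS)]


def keygen():
    """SK: two random preimages per bit position. PK: their images under f."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N_BITS)]
    pk = [(f(x0), f(x1)) for x0, x1 in sk]
    return pk, sk


def sign(sk, m: int) -> list:
    """Reveal, for each position i, the preimage selected by bit m_i."""
    return [sk[i][b] for i, b in enumerate(bits(m))]


def verify(pk, m: int, sig) -> bool:
    """Accept iff f(s_i) equals the public value y_{i, m_i} at every position."""
    if len(sig) != N_BITS:
        return False
    return all(f(s) == pk[i][b] for i, (b, s) in enumerate(zip(bits(m), sig)))


class OneTimeSigner:
    """Holds a Lamport key and refuses to sign a second message with it."""

    def __init__(self):
        self.pk, self._sk = keygen()
        self._used = False

    def sign(self, m: int) -> list:
        if self._used:
            raise RuntimeError("Lamport key already used; generate a new key pair")
        self._used = True
        return sign(self._sk, m)


def splice(m1, sig1, m2, sig2, m3):
    """Why the guard matters: after two signatures under one key, every bit of
    m3 that matches m1 or m2 at its position already has its preimage revealed.
    Returns a valid signature on m3, or None if a needed preimage is still secret."""
    out = []
    for b1, s1, b2, s2, b3 in zip(bits(m1), sig1, bits(m2), sig2, bits(m3)):
        if b3 == b1:
            out.append(s1)
        elif b3 == b2:
            out.append(s2)
        else:
            return None
    return out


if __name__ == "__main__":
    pk, sk = keygen()
    sig = sign(sk, 0x00FF)
    print("valid signature accepted:", verify(pk, 0x00FF, sig))
    print("one-bit change accepted: ", verify(pk, 0x00FE, sig))
    sig2 = sign(sk, 0x0F0F)  # second use of the same key
    mixed = splice(0x00FF, sig, 0x0F0F, sig2, 0x0FFF)
    print("third message verifies after key reuse:", verify(pk, 0x0FFF, mixed))
```
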

5.3 The Hash and Sign paradigm

Theorem: If H is a collision-intractable hash function and (KG,Sign,Vrfy) is a signature scheme for fixed-length messages, then (KG’,Sign’,Vrfy’) is a signature scheme for arbitrary-length messages. Proof: A forgery must involve either a forgery of the scheme for fixed-length messages or finding a collision in H.

5.4 El Gamal digital signature schemes

It is based on the difficulty of computing Discrete Logarithms and a collision-intractable hash function H. Here, an attacker can forge signatures by finding the secret key.

5.5 The DSA digital signature schemes

In 1991, NIST proposed DSA for use in their Digital Signature Standard (DSS). It was adopted in 1994. There were several criticisms against DSA:

• DSA is slower than RSA.
• RSA is the de facto standard.
• The DSA selection process was not public.
• DSA cannot be used for encryption or key distribution.
• DSA was developed by the NSA, and there may be a trapdoor in the algorithm.
• The key size (512 bits) is too small. In response to this criticism, NIST made the key size variable, from 512 to 1024 bits.

6 Digital Signatures in Practice

6.1 Hash-then-sign with plain RSA

PK = (N, e), SK = (N, d) s.t. $e \cdot d \equiv 1 \pmod{\varphi(N)}$. $S_{SK}(m) = (H(m))^d \bmod N$, where H is SHA-1 or MD5. Intuition: the adversary has "no control" over H(m), so cannot forge by choosing the signature first, or by exploiting special inputs on which RSA is easy to invert.

RSA PKCS 1: H(m) = 001FF FF00.. SHA-1(m).

∗ No justification.
∗ Doesn't seem related to one-wayness of RSA since H(m) is always of very special form.
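Sections 5.1 and 6.1 both claim that textbook RSA signatures can be forged and that signing H(m) instead of m blocks those forgeries. The following added example (not from the lecture or the original notes) puts the two verifiers side by side on a toy key. Assumptions: the modulus is built from two Mersenne primes, SHA-256 reduced mod N stands in for the SHA-1 or MD5 named above, and all function names are hypothetical.

```python
import hashlib

# Toy key, constructed for this example from two Mersenne primes.
# Far too small for real use; it only keeps the arithmetic readable.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # e*d = 1 mod phi(N)


def textbook_sign(m: int) -> int:
    """s = m^d mod N, applied to the message itself."""
    return pow(m, D, N)


def textbook_verify(m: int, s: int) -> bool:
    """Accept iff s^e mod N == m."""
    return 0 <= m < N and pow(s, E, N) == m


def H(msg: bytes) -> int:
    """Assumption: SHA-256 reduced mod N stands in for the page's SHA-1/MD5."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def hashed_sign(msg: bytes) -> int:
    """S_SK(m) = H(m)^d mod N."""
    return pow(H(msg), D, N)


def hashed_verify(msg: bytes, s: int) -> bool:
    """Accept iff s^e mod N == H(m)."""
    return pow(s, E, N) == H(msg)


def existential_forgery(s: int):
    """No signing query at all: fix s first, then derive the message m = s^e."""
    return pow(s, E, N), s


def multiplicative_forgery(target: int, sign_oracle) -> int:
    """Signature on `target` from signatures on two other messages,
    using (m1 * m2)^d = m1^d * m2^d mod N."""
    m1 = 2
    m2 = target * pow(m1, -1, N) % N
    assert target not in (m1, m2)       # the oracle never signs the target itself
    return sign_oracle(m1) * sign_oracle(m2) % N


def to_bytes(m: int) -> bytes:
    """Fixed-width encoding so an integer can be fed to the hashed verifier."""
    return m.to_bytes((N.bit_length() + 7) // 8, "big")


def demo() -> dict:
    m, s = existential_forgery(42)
    target = 123456789
    s_t = multiplicative_forgery(target, textbook_sign)
    a, b = b"invoice 17", b"invoice 18"   # constructed sample messages
    product = hashed_sign(a) * hashed_sign(b) % N
    return {
        "textbook accepts chosen-signature pair": textbook_verify(m, s),
        "textbook accepts product signature": textbook_verify(target, s_t),
        "hashed accepts honest signature": hashed_verify(a, hashed_sign(a)),
        "hashed accepts chosen-signature pair": hashed_verify(to_bytes(m), s),
        "hashed accepts product signature": hashed_verify(a + b, product),
    }


if __name__ == "__main__":
    for claim, result in demo().items():
        print(f"{claim}: {result}")
```
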

6.2 El Gamal signatures

PK = $(p, g, \hat{x})$, SK = $(p, g, x)$ where $\hat{x} = g^x \bmod p$.

$S_{SK}(m)$:
1. Choose $y \xleftarrow{R} \mathbb{Z}_{p-1}$; let $\hat{y} = g^y \bmod p$.
2. Find s s.t. $g^m \equiv \hat{x}^{\hat{y}} \cdot \hat{y}^s \pmod{p}$.
3. Output $\sigma = (\hat{y}, s)$.

How does the signer compute s? We have $m \equiv x\hat{y} + ys \pmod{p-1}$, and the signer knows $x, y, \hat{y}, m$, so he can compute $(m - x\hat{y})\,y^{-1}$ modulo $(p-1)$.

$V_{PK}(m, (\hat{y}, s))$: Check that $g^m \equiv \hat{x}^{\hat{y}} \cdot \hat{y}^s \pmod{p}$.

Not secure! (Similar attacks as plain trapdoor functions.) Digital Signature Standard (1991, NIST+NSA): hash-then-sign, using SHA1 and DSA (variant of El Gamal).
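The signing and verification equations above, carried through in code as an added example (not from the lecture). Assumptions: a toy group with p = 2039 = 2·1019 + 1, a generator found by search, hypothetical function names, and two details the notes leave implicit: y is redrawn until it is invertible mod p−1 so that $y^{-1}$ exists, and the verifier range-checks $\hat{y}$ and s before evaluating the congruence.

```python
import math
import secrets

# Toy group, constructed for this example: p = 2q + 1 with q prime.
Q = 1019
P = 2 * Q + 1                      # 2039
# g generates Z_p^* iff its order is neither 2 nor q.
G = next(g for g in range(2, P) if pow(g, 2, P) != 1 and pow(g, Q, P) != 1)


def keygen():
    """PK = (p, g, x_hat), SK = (p, g, x) with x_hat = g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return (P, G, pow(G, x, P)), (P, G, x)


def sign(sk, m: int):
    """Return sigma = (y_hat, s) with m = x*y_hat + y*s (mod p-1)."""
    p, g, x = sk
    while True:
        y = secrets.randbelow(p - 2) + 1
        if math.gcd(y, p - 1) == 1:        # y^{-1} mod (p-1) must exist
            break
    y_hat = pow(g, y, p)
    s = (m - x * y_hat) * pow(y, -1, p - 1) % (p - 1)
    return y_hat, s


def verify(pk, m: int, sig) -> bool:
    """Check g^m == x_hat^y_hat * y_hat^s (mod p)."""
    p, g, x_hat = pk
    y_hat, s = sig
    # Added input validation (not spelled out in the notes): reject
    # out-of-range components before doing any arithmetic with them.
    if not (0 < y_hat < p and 0 <= s < p - 1):
        return False
    return pow(g, m, p) == pow(x_hat, y_hat, p) * pow(y_hat, s, p) % p


if __name__ == "__main__":
    pk, sk = keygen()
    m = 1234                                # constructed sample message
    y_hat, s = sign(sk, m)
    print("signature:", (y_hat, s))
    print("verifies on m:      ", verify(pk, m, (y_hat, s)))
    print("verifies on m + 1:  ", verify(pk, m + 1, (y_hat, s)))
    print("out-of-range y_hat: ", verify(pk, m, (y_hat + P, s)))
```
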

