Current Issue : January - March Volume : 2016 Issue Number : 1 Articles : 6 Articles
Dragonfly is Password Authenticated Key Exchange protocol that uses a shared session key to authenticate\nparties based on pre-shared secret password. It was claimed that this protocol was secure\nagainst off-line dictionary attack, but a new research has proved its vulnerability to off-line\ndictionary attack and proving step was applied by using ââ?¬Å?Patched Protocolââ?¬Â which was based on\npublic key validation. Unfortunately, this step caused a raise in the computation cost, which made\nthis protocol less appealing than its competitors. We proposed an alternate enhancement to keep\nthis protocol secure without any extra computation cost that was known as ââ?¬Å?Enhanced Dragonflyââ?¬Â.\nThis solution based on two-pre-shared secret passwords instead of one and the rounds between\nparties had compressed into two rounds instead of four. We prove that the enhanced-Dragonfly\nprotocol is secure against off-line dictionary attacks by analyzing its security properties using the\nScyther tool. A simulation was developed to measure the execution time of the enhanced protocol,\nwhich was found to be much less than the execution time of patched Dragonfly. The off-line dictionary\nattack time is consumed for few days if the dictionary size is 10,000. According to this, the\nuse of the enhanced Dragonfly is more efficient than the patched Dragonfly....
In this paper, we propose two different solutions for making a recently proposed asymmetric fingerprinting protocol\nbased on client-side embedding robust to collusion attacks. The first solution is based on projecting a client-owned\nrandom fingerprint, securely obtained through existing cryptographic protocols, using for each client a different\nrandom matrix generated by the server. The second solution consists in assigning to each client a Tardos code, which\ncan be done using existing asymmetric protocols, and modulating such codes using a specially designed random\nmatrix. Suitable accusation strategies are proposed for both solutions, and their performance under the averaging\nattack followed by the addition of Gaussian noise is analytically derived. Experimental results show that the analytical\nmodel accurately predicts the performance of a realistic system. Moreover, the results also show that the solution\nbased on independent random projections outperforms the solution based on Tardos codes, for different choices of\nparameters and under different attack models....
With the rapid evolution of data exchange in network environments, information security has\nbeen the most important process for data storage and communication. In order to provide such\ninformation security, the confidentiality, data integrity, and data origin authentication must be\nverified based on cryptographic encryption algorithms. This paper presents a new emerging trend\nof modern symmetric encryption algorithm by development of the advanced encryption standard\n(AES) algorithm. The new development focuses on the integration between Quantum Key Distribution\n(QKD) and an enhanced version of AES. A new quantum symmetric encryption algorithm,\nwhich is abbreviated as Quantum-AES (QAES), is the output of such integration. QAES depends on\ngeneration of dynamic quantum S-Boxes (DQS-Boxes) based quantum cipher key, instead of the\nordinary used static S-Boxes. Furthermore, QAES exploits the specific selected secret key generated\nfrom the QKD cipher using two different modes (online and off-line)....
A lot of privacy protection technologies have been proposed, but most of them are independent and aimat protecting some specific\nprivacy. There is hardly enough deep study into the attributes of privacy. To minimize the damage and influence of the privacy\ndisclosure, the important and sensitive privacy should be a priori preserved if all privacy pieces cannot be preserved. This paper\nfocuses on studying the attributes of the privacy and proposes privacy information security classification (PISC) model.The privacy\nis classified into four security classifications by PISC, and each classification has its security goal, respectively. Google search engine\nis taken as the research platform to collect the related data for study. Based on the data from the search engine, we got the security\nclassifications of 53 pieces of privacy....
The article represents results of research of information security problem in social and human aspects. Authors\nassume that information sciences are usually focused on detecting and further processing of technical mechanisms\nand tools for support of information security. However, the analysis of social and human factors influencing\ngrowth of criminality in the field of information technologies, search for complex measures and methods aiming to\ndecrease human risks arising from computer criminality is very important as well. One of solutions for information\nsecurity problem in credit and financial spheres is shown on the example of bank system of Russia. Special\nattention is drawn to analysis of specificity and dynamics of hacker subculture, its place in cybercrime, taking into\naccount interdisciplinary direction of research of the information security problem. The authors of the article came\nto the conclusion that early detecting and studying existing and potential threats, notifying system administrators\nand other technical personnel on such threats and coordinating their activity, as well as cultural and educational\npolicy of states and international communities aiming to create a positive information security expert image, are\nvery important for the information security support....
Biometric authentication systems are believed to be effective compared to traditional authentication\nsystems. The introduction of biometrics into smart cards is said to result into biometric-based\nsmart ID card with enhanced security. This paper discusses the biometric-based smart ID card\nwith a particular emphasis on security and privacy implications in Rwanda universities environment.\nIt highlights the security and implementation issues. The analysis shows that despite the\nnecessity to implement biometric technology, absence of legal and regulatory requirements becomes\na challenge to implementation of the proposed biometric solution. The paper is intended to\nengage a broad audience from Rwanda universities planning to introduce the biometric-based\nsmart ID cards to verify students and staff for authentication purpose....
Loading....