A New Pseudo-Random Generator Based on Gollmann Cascades of Baker-Register-Machines

Abstract. In this paper, we present a new pseudo-random sequence generator, constructed by the generalized discrete Baker transformation. This new generator is called Cascaded Baker Register Machine (CBRM), which uses the sensitivity of chaotic behaviour and allows the application of automata- and shift-register theory. It is shown that a CBRM has good properties of randomness, such as large periods and high linear complexity. It can provide high cryptographic security with fast encryption speed, and can be realized effectively by both hardware and software.

Improving password system effectiveness.

As computers reach more aspects of our everyday life, so too do the passwords that keep them secure. Coping with these passwords can be a problem for many individuals and organisations who have to deal with the consequences of passwords being forgotten, yet little is known of this issue. This thesis considers the effectiveness of password authentication systems for three groups of stakeholders including users, support staff, and system owners. The initial problem of how to create memorable but secure passwords is reconceptualised as how to improve password system effectiveness. Interview, questionnaire, and system log studies in BT, and experiments at UCL-CS confirm some basic hypotheses about key variables impacting performance, and show that other variables than the memorability of password content are also important which have hitherto not figured in security research and practice. Interventions based on these findings are proposed. Empirical evaluation suggests that the interventions proposed that 'redesign' the user but exclude other parts of the system would fail. Reason's (1990) Generic Error Modelling System (GEMS) is used as a basis for modelling password system performance at the level of individual users. GEMS and the Basic Elements of Production are used generalise these findings, and for the first time to model information security. This new model, "Elevation", is validated by expert review, and a modified version is presented