
    webXice: an Infrastructure for Information Commerce on the WWW

    Systems for information commerce on the WWW have to support flexible business models if they should be able to cover a wide range of requirements imposed by the different types of information businesses. This leads to non-trivial functional and security requirements both on the provider and consumer side, for which we introduce an architecture and a system implementation, webXice. We focus on the question, how participants with minimal technological requisites, i.e. solely standard Web browsers available, can be technologically enabled to participate in the information commerce at a system level, while not sacrificing the functionality and security required by an autonomous participant in an information commerce scenario. In particular, we propose an implementation strategy to efficiently support persistent message logging for light-weight clients, that enables clients to collect and manage non-repudiable messages as proofs. We believe that the capability to support minimal system platforms is a necessary precondition for the wide-spread use of any information commerce infrastructure

    Knowledge Flow Analysis for Security Protocols

    Knowledge flow analysis offers a simple and flexible way to find flaws in security protocols. A protocol is described by a collection of rules constraining the propagation of knowledge amongst principals. Because this characterization corresponds closely to informal descriptions of protocols, it allows a succinct and natural formalization; because it abstracts away message ordering, and handles communications between principals and applications of cryptographic primitives uniformly, it is readily represented in a standard logic. A generic framework in the Alloy modelling language is presented, and instantiated for two standard protocols, and a new key management scheme. Comment: 20 pages

    The New South Wales iVote System: Security Failures and Verification Flaws in a Live Online Election

    In the world's largest-ever deployment of online voting, the iVote Internet voting system was trusted for the return of 280,000 ballots in the 2015 state election in New South Wales, Australia. During the election, we performed an independent security analysis of parts of the live iVote system and uncovered severe vulnerabilities that could be leveraged to manipulate votes, violate ballot privacy, and subvert the verification mechanism. These vulnerabilities do not seem to have been detected by the election authorities before we disclosed them, despite a pre-election security review and despite the system having run in a live state election for five days. One vulnerability, the result of including analytics software from an insecure external server, exposed some votes to complete compromise of privacy and integrity. At least one parliamentary seat was decided by a margin much smaller than the number of votes taken while the system was vulnerable. We also found protocol flaws, including vote verification that was itself susceptible to manipulation. This incident underscores the difficulty of conducting secure elections online and carries lessons for voters, election officials, and the e-voting research community

    Comparative Analysis Of The Utilisation Of Electronic Commerce And Business In Polish E-shops In The Years 2009-2011

    The aim of the article is to present the results of research concerning the utilisation of different aspects of electronic commerce and business in Polish e-shops, based on a number of comparative analyses performed for the years 2009-2011. Some of the presented data concern also the year 2008. The most important aspects covered by the analyses are: international trade and exports of Polish e-shops, marketing aspects of online businesses, the infrastructure and safety of Polish e-shops, their financial results, and also actions planned in order to minimise the effects of the economic crisis. The main conclusions drawn from these analyses, as well as predictions for the future for the Polish e-market, are also presented.

    Formal Verification of Security Protocol Implementations: A Survey

    Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approach

    Evolution of a supply chain management game for the trading agent competition

    TAC SCM is a supply chain management game for the Trading Agent Competition (TAC). The purpose of TAC is to spur high quality research into realistic trading agent problems. We discuss TAC and TAC SCM: game and competition design, scientific impact, and lessons learnt

    A Comparative Study of Card Not Present E-commerce Architectures with Card Schemes: What About Privacy?

    Internet is increasingly used for card not present e-commerce architectures. Several protocols, such as 3D-Secure, have been proposed in the literature by Card schemes or academics. Even if some of them are deployed in real life, these solutions are not perfect considering data security and user's privacy. In this paper, we present a comparative study of existing solutions for card not present e-commerce solutions. We consider the main security and privacy trends of e-payment in order to make an objective comparison of existing solutions. This comparative study illustrates the need to consider privacy in deployed e-commerce architectures. This has never been more urgent with the recent release of the new specifications of 3D-secure