webXice: an Infrastructure for Information Commerce on the WWW
Systems for information commerce on the WWW have to support flexible business models if they should be able to cover a wide range of requirements imposed by the different types of information businesses. This leads to non-trivial functional and security requirements both on the provider and consumer side, for which we introduce an architecture and a system implementation, webXice. We focus on the question, how participants with minimal technological requisites, i.e. solely standard Web browsers available, can be technologically enabled to participate in the information commerce at a system level, while not sacrificing the functionality and security required by an autonomous participant in an information commerce scenario. In particular, we propose an implementation strategy to efficiently support persistent message logging for light-weight clients, that enables clients to collect and manage non-repudiable messages as proofs. We believe that the capability to support minimal system platforms is a necessary precondition for the wide-spread use of any information commerce infrastructure.
Knowledge Flow Analysis for Security Protocols
Knowledge flow analysis offers a simple and flexible way to find flaws in
security protocols. A protocol is described by a collection of rules
constraining the propagation of knowledge amongst principals. Because this
characterization corresponds closely to informal descriptions of protocols, it
allows a succinct and natural formalization; because it abstracts away message
ordering, and handles communications between principals and applications of
cryptographic primitives uniformly, it is readily represented in a standard
logic. A generic framework in the Alloy modelling language is presented, and
instantiated for two standard protocols, and a new key management scheme.
The New South Wales iVote System: Security Failures and Verification Flaws in a Live Online Election
In the world's largest-ever deployment of online voting, the iVote Internet
voting system was trusted for the return of 280,000 ballots in the 2015 state
election in New South Wales, Australia. During the election, we performed an
independent security analysis of parts of the live iVote system and uncovered
severe vulnerabilities that could be leveraged to manipulate votes, violate
ballot privacy, and subvert the verification mechanism. These vulnerabilities
do not seem to have been detected by the election authorities before we
disclosed them, despite a pre-election security review and despite the system
having run in a live state election for five days. One vulnerability, the
result of including analytics software from an insecure external server,
exposed some votes to complete compromise of privacy and integrity. At least
one parliamentary seat was decided by a margin much smaller than the number of
votes taken while the system was vulnerable. We also found protocol flaws,
including vote verification that was itself susceptible to manipulation. This
incident underscores the difficulty of conducting secure elections online and
carries lessons for voters, election officials, and the e-voting research
community.
Comparative Analysis Of The Utilisation Of Electronic Commerce And Business In Polish E-shops In The Years 2009-2011
The aim of the article is to present the results of research concerning the utilisation of different aspects of electronic commerce and business in Polish e-shops, based on a number of comparative analyses performed for the years 2009-2011. Some of the presented data concern also the year 2008. The most important aspects covered by the analyses are: international trade and exports of Polish e-shops, marketing aspects of online businesses, the infrastructure and safety of Polish e-shops, their financial results, and also actions planned in order to minimise the effects of the economic crisis. The main conclusions drawn from these analyses, as well as predictions for the future for the Polish e-market, are also presented.
Formal Verification of Security Protocol Implementations: A Survey
Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approach.
Evolution of a supply chain management game for the trading agent competition
TAC SCM is a supply chain management game for the Trading Agent Competition (TAC). The purpose of TAC is to spur high quality research into realistic trading agent problems. We discuss TAC and TAC SCM: game and competition design, scientific impact, and lessons learnt.
A Comparative Study of Card Not Present E-commerce Architectures with Card Schemes: What About Privacy?
Internet is increasingly used for card not present e-commerce architectures. Several protocols, such as 3D-Secure, have been proposed in the literature by Card schemes or academics. Even if some of them are deployed in real life, these solutions are not perfect considering data security and user's privacy. In this paper, we present a comparative study of existing solutions for card not present e-commerce solutions. We consider the main security and privacy trends of e-payment in order to make an objective comparison of existing solutions. This comparative study illustrates the need to consider privacy in deployed e-commerce architectures. This has never been more urgent with the recent release of the new specifications of 3D-secure.