Public key cryptography in resource-constrained WSN

In this paper we present a detailed review of the works on public key cryptography (PKC) in wireless sensor networks (WSNs). In the early days of sensor networks, public key cryptography was thought to be completely unfeasible considering its computational complexity and energy requirements. By this time, several works have proved that the lightweight versions of many well-known public key algorithms can be utilized in WSN environment. With the expense of a little energy, public key based schemes could in fact be the best choice for ensuring data security in high-security demanding WSN applications. Here, we talk about the notion of public key cryptography in WSN, its applicability, challenges in its implementation, and present a detailed study of the significant works on PKC in WSN

Misplaced Priorities: The Utah Digital Signature Act and Liability Allocation in a Public Key Infrastructure

This Comment examines the Utah Digital Signature Act, signed into law on March 9, 1995. The Utah Act promotes the use of digital signatures on computer-based documents. This Comment analyzes the allocation of liability and evidentiary burdens imposed by the Utah Act, and compares these provisions to three analogous models. The author asserts that the liability allocations of the Utah Act inappropriately impose potentially unlimited risk on users of digital signatures. He also suggests an alternative approach to the apportionment of liability in a public key infrastructure

The limit of blockchains: Infeasibility of a smart obama-trump contract

Although smart contracts are Turing complete, it is a misconception that they can fulfill all routine contracts.Scopu

Eesti elektrooniline ID-kaart ja selle turvaväljakutsed

Eesti elektrooniline isikutunnistust (ID-kaart) on üle 18 aasta pakkunud turvalist elektroonilist identiteeti Eesti kodanikele. Avaliku võtme krüptograafia ja kaardile talletatud privaatvõti võimaldavad ID-kaardi omanikel juurde pääseda e-teenustele, anda juriidilist jõudu omavaid digiallkirju ning elektrooniliselt hääletada. Käesolevas töös uuritakse põhjalikult Eesti ID-kaarti ning sellega seotud turvaväljakutseid. Me kirjeldame Eesti ID-kaarti ja selle ökosüsteemi, seotud osapooli ja protsesse, ID-kaardi elektroonilist baasfunktsionaalsust, seotud tehnilisi ja juriidilisi kontseptsioone ning muid seotud küsimusi. Me tutvustame kõiki kasutatud kiipkaardiplatforme ja nende abil väljastatud isikutunnistuste tüüpe. Iga platformi kohta esitame me detailse analüüsi kasutatava asümmeetrilise krüptograafia funktsionaalsusest ning kirjeldame ja analüüsime ID-kaardi kauguuendamise lahendusi. Lisaks esitame me süstemaatilise uurimuse ID-kaardiga seotud turvaintsidentidest ning muudest sarnastest probleemidest läbi aastate. Me kirjeldame probleemide tehnilist olemust, kasutatud leevendusmeetmeid ning kajastust ajakirjanduses. Käesoleva uurimustöö käigus avastati mitmeid varem teadmata olevaid turvaprobleeme ning teavitati nendest seotud osapooli. Käesolev töö põhineb avalikult kättesaadaval dokumentatsioonil, kogutud ID-kaartide sertifikaatide andmebaasil, ajakirjandusel,otsesuhtlusel seotud osapooltega ning töö autori analüüsil ja eksperimentidel.For more than 18 years, the Estonian electronic identity card (ID card) has provided a secure electronic identity for Estonian residents. The public-key cryptography and private keys stored on the card enable Estonian ID card holders to access e-services, give legally binding digital signatures and even cast an i-vote in national elections. This work provides a comprehensive study on the Estonian ID card and its security challenges. We introduce the Estonian ID card and its ecosystem by describing the involved parties and processes, the core electronic functionality of the ID card, related technical and legal concepts, and the related issues. We describe the ID card smart card chip platforms used over the years and the identity document types that have been issued using these platforms. We present a detailed analysis of the asymmetric cryptography functionality provided by each ID card platform and present a description and security analysis of the ID card remote update solutions that have been provided for each ID card platform. As yet another contribution of this work, we present a systematic study of security incidents and similar issues the Estonian ID card has experienced over the years. We describe the technical nature of the issue, mitigation measures applied and the reflections on the media. In the course of this research, several previously unknown security issues were discovered and reported to the involved parties. The research has been based on publicly available documentation, collection of ID card certificates in circulation, information reflected in media, information from the involved parties, and our own analysis and experiments performed in the field.https://www.ester.ee/record=b541416

The development and use of the Secure Electronic Transaction (SET) protocol on the internet

While still in its infancy, Electronic Commerce is growing at an exponential rate each year (Walson, 1997. p.53). Although few doubt that such growth will only continue in years to come, many people still have serious reservations about the levels of security offered by currently available applications for conducting such trade. This thesis identifies some of the key areas of concern regarding Electronic Commerce on the lnternet, and looks at the ways in which the Secure Electronic Transaction (SET) model, proposed by Mastercard and Visa, succeeds or fails in addressing these concerns. It identifies and describes the key dements and primary functions of the SET protocols in a manner that will enable students and other interested parties to understand these protocols quickly and easily

challenging the trustworthiness of pgp is the web of trust tear proof

The OpenPGP protocol provides a long time adopted and widespread tool for secure and authenticated asynchronous communications, as well as supplies data integrity and authenticity validation for software distribution. In this work, we analyze the Web-of-Trust on which the OpenPGP public key authentication mechanism is based, and evaluate a threat model where its functionality can be jeopardized. Since the threat model is based on the viability of compromising an OpenPGP keypair, we performed an analysis of the state of health of the global OpenPGP key repository. Despite the detected amount of weak keypairs is rather low, our results show how, under reasonable assumptions, approximately 70i¾ź% of the Web-of-Trust strong set is potentially affected by the described threat. Finally, we propose viable mitigation strategies to cope with the highlighted threat

Strong proxy signature scheme with proxy signer privacy protection.

by Shum Kwan.Thesis (M.Phil.)--Chinese University of Hong Kong, 2002.Includes bibliographical references (leaves 30-32).Abstracts in English and Chinese.Acknowledgement --- p.iiAbstract --- p.iii□ □ --- p.ivChapter 1 . --- Introduction --- p.1Chapter 1.1 --- Introduction to topic --- p.1Chapter 1.2 --- What is proxy signature? --- p.2Chapter 1.3 --- Terminologies in proxy signature --- p.2Chapter 1.4 --- Levels of delegation --- p.3Chapter 1.5 --- Previous work on Proxy Signature --- p.4Chapter 1.6 --- Our Contributions --- p.4Chapter 1.7 --- Thesis Organization --- p.4Chapter 2. --- Backgroun d --- p.6Chapter 2.1 --- Digital Signature --- p.6Chapter 2.2 --- Digital Certificate and CA --- p.6Chapter 2.3 --- Hash Functions --- p.7Chapter 2.4 --- Bit commitment --- p.7Chapter 3. --- Brief introduction to Our Result --- p.8Chapter 3.1 --- A Proxy Signature Scheme with Proxy Signer Privacy Protection --- p.8Chapter 3.2 --- Applications of Proxy Signature --- p.9Chapter 4. --- Detail Explanation of Certified Alias and its Application on Proxy Signature --- p.10Chapter 4.1 --- Introduction --- p.10Chapter 4.2 --- Protecting Signer Privacy Using Certified Alias Definition 4.2.3 --- p.10Chapter 4.3 --- Constructing Proxy signature Scheme by Consecutive Execution of Cryptographic Primitives (Scheme CE) --- p.11Chapter 4.4 --- Constructing Proxy signature Scheme by Direct Form Equations (Scheme DF) --- p.15Chapter 4.5 --- Comparison between scheme CE and scheme DF --- p.19Chapter 4.6 --- Chapter Summary --- p.20Chapter 5 . --- Applications of Proxy Signature with Proxy Signer Privacy Protection --- p.21Chapter 5.1 --- Secure Mobile agent Signature with Itinerary Privacy --- p.21Chapter 5.1.1 --- Introduction to Mobile Agent --- p.21Chapter 5.1.2 --- "Review on Lee, et al. strong non-designated proxy signature scheme for mobile agents" --- p.21Chapter 5.1.3 --- Constructing Signature scheme for Mobile Agent using Proxy signature with Proxy Signer Privacy Protection --- p.22Chapter 5.1.4 --- Remarks --- p.23Chapter 5.2 --- Group Signature with Unlimited Group Size --- p.24Chapter 5.2.1 --- Introduction to group signature --- p.24Chapter 5.2.2 --- Constructing group signature scheme using certified alias --- p.24Chapter 5.2.4 --- Remarks --- p.26Chapter 5.3 --- Chapter Summary --- p.27Chapter 6. --- Conclusions --- p.28Appendix: Paper derived from this thesis --- p.29Bibliography --- p.3