A survey on Response Computaion Authentication techniques.

as we know the problems regarding data and system security are challenging and taking attraction of researchers. Although there are many techniques available which offers protection to systems there is no single Method which can provide full protection. As we know to provide security to system authentication in login system is main issue for developers. Response Computable Authentication is two way methods which are used by number of authentication system where an authentication system independently calculates the expected user response and authenticates a user if the actual user response matches the expected value. But such authentication system have been scare by malicious developer who can bypass normal authentication by covering logic in source code or using weak cryptography. This paper mainly focuses on RCA system to make sure that authentication system will not be influenced by backdoors. In this paper our main goal is to take review of different methods, approaches and techniques used for Response Computation Authentication

Exploitation of Unintentional Information Leakage from Integrated Circuits

Unintentional electromagnetic emissions are used to recognize or verify the identity of a unique integrated circuit (IC) based on fabrication process-induced variations in a manner analogous to biometric human identification. The effectiveness of the technique is demonstrated through an extensive empirical study, with results presented indicating correct device identification success rates of greater than 99:5%, and average verification equal error rates (EERs) of less than 0:05% for 40 near-identical devices. The proposed approach is suitable for security applications involving commodity commercial ICs, with substantial cost and scalability advantages over existing approaches. A systematic leakage mapping methodology is also proposed to comprehensively assess the information leakage of arbitrary block cipher implementations, and to quantitatively bound an arbitrary implementation\u27s resistance to the general class of differential side channel analysis techniques. The framework is demonstrated using the well-known Hamming Weight and Hamming Distance leakage models, and approach\u27s effectiveness is demonstrated through the empirical assessment of two typical unprotected implementations of the Advanced Encryption Standard. The assessment results are empirically validated against correlation-based differential power and electromagnetic analysis attacks

A polymorphic advanced encryption standard - A novel approach

To secure various forms of data, a polymorphic variant of the Advanced Encryption Standard (P-AES) has been introduced. In the P-AES, the AES parameters' values will change with every new key. The exact values will be available only to legitimate communicating parties during execution time. To achieve these objectives, the basic AES transformations, SubBytes, ShiftRows, and MixColumns, have been made key-dependent in the proposed P-AES. Hence, with every new key, these transformations will operate differently. The receiver can retrieve the operations' details from the encryption key. Consequently, polymorphism has been achieved and interoperability remains intact. P-AES has been implemented seamlessly using the existing AES modules, and the performance was more or less equal to the AES performance (71 and 70 milliseconds to encrypt 500 bytes using the P-AES and the AES respectively). From a security standpoint, the proposed P-AES fully complies with Kerckhoff's principle. This means the cipher has an open design, and the security provided by the P-AES depends only on the secrecy of the encryption key. The cipher resistance to differential and linear attacks has been proved. Moreover, the resulting proposed cipher can operate in 128 different ways, which will significantly reduce the capabilities of any sophisticated attacker. Furthermore, the proposed P-AES's scores of the key avalanche and the plaintext avalanche were 0.496 and 0.504 respectively. Finally, the Statistical Test Suite (STS) recommended by the NIST has been used to ensure the randomness of the cipher output, and the cipher has passed all the STS tests

Information warfare and modern aircraft

The purpose of this thesis is to determine if modern aircraft are currently at risk of falling Victim to information warfare attacks or if they will be in the near future (less than 10 years). Defensive measures that are currently being used to protect this critical infrastructure will be discussed and evaluated for their effectiveness in preventing the degradation caused by these attacks. Every effort has been made to use reliable sources of information to present an accurate status of modern aircraft and the aviation infrastructure with respect to information warfare. With information warfare being such a recent topic, much of the most up-to-date information has not been published in traditional medium yet and therefore, the author had to augment his research by utilizing other sources , such as newspaper articles, magazines and the Internet. It was concluded that, to date, neither the airline industry nor the FAA has experienced large-scale attacks by cyber warriors, even though the industry is becoming more susceptible to such attacks This absence of attacks SHOULD NOT BE used to lull oneself into a false sense of security with the conclusion that the industry is properly protected from information warfare attacks. The reality is that these information warfare attacks can and are being successfully executed at an extreme cost and/or danger to the ill prepared and lucrative targets

Secure Session Framework: An Identity-based Cryptographic Key Agreement and Signature Protocol

Die vorliegende Dissertation beschäftigt sich mit der Methode der identitätsbasierten Verschlüsselung. Hierbei wird der Name oder die Identität eines Zielobjekts zum Verschlüsseln der Daten verwendet. Diese Eigenschaft macht diese Methode zu einem passenden Werkzeug für die moderne elektronische Kommunikation, da die dort verwendeten Identitäten oder Endpunktadressen weltweit eindeutig sein müssen. Das in der Arbeit entwickelte identitätsbasierte Schlüsseleinigungsprotokoll bietet Vorteile gegenüber existierenden Verfahren und eröffnet neue Möglichkeiten. Eines der Hauptmerkmale ist die komplette Unabhängigkeit der Schlüsselgeneratoren. Diese Unabhängigkeit ermöglicht es, dass verschiedene Sicherheitsdomänen ihr eigenes System aufsetzen können. Sie sind nicht mehr gezwungen, sich untereinander abzusprechen oder Geheimnisse auszutauschen. Auf Grund der Eigenschaften des Protokolls sind die Systeme trotzdem untereinander kompatibel. Dies bedeutet, dass Anwender einer Sicherheitsdomäne ohne weiteren Aufwand verschlüsselt mit Anwendern einer anderen Sicherheitsdomäne kommunizieren können. Die Unabhängigkeit wurde ebenfalls auf ein Signatur-Protokoll übertragen. Es ermöglicht, dass Benutzer verschiedener Sicherheitsdomänen ein Objekt signieren können, wobei auch der Vorgang des Signierens unabhängig sein kann. Neben dem Protokoll wurde in der Arbeit auch die Analyse von bestehenden Systemen durchgeführt. Es wurden Angriffe auf etablierte Protokolle und Vermutungen gefunden, die aufzeigen, ob oder in welchen Situationen diese nicht verwendet werden sollten. Dabei wurde zum einen eine komplett neue Herangehensweise gefunden, die auf der (Un-)Definiertheit von bestimmten Objekten in diskreten Räumen basiert. Zum anderen wurde die bekannte Analysemethode der Gitterreduktion benutzt und erfolgreich auf neue Bereiche übertragen. Schlussendlich werden in der Arbeit Anwendungsszenarien für das Protokoll vorgestellt, in denen dessen Vorteile besonders relevant sind. Das erste Szenario bezieht sich auf Telefonie, wobei die Telefonnummer einer Zielperson als Schlüssel verwendet. Sowohl GSM-Telefonie als auch VoIP-Telefonie werden in der Arbeit untersucht. Dafür wurden Implementierungen auf einem aktuellen Mobiltelefon durchgeführt und bestehende VoIP-Software erweitert. Das zweite Anwendungsbeispielsind IP-Netzwerke. Auch die Benutzung der IP-Adresse eines Rechners als Schlüssel ist ein gutes Beispiel, jedoch treten hier mehr Schwierigkeiten auf als bei der Telefonie. Es gibt beispielsweise dynamische IP-Adressen oder die Methode der textit{Network Address Translation}, bei der die IP-Adresse ersetzt wird. Diese und weitere Probleme wurden identifiziert und jeweils Lösungen erarbeitet

A Survey of Automatic Contact Tracing Approaches Using Bluetooth Low Energy

To combat the ongoing Covid-19 pandemic, many new ways have been proposed on how to automate the process of finding infected people, also called contact tracing. A special focus was put on preserving the privacy of users. Bluetooth Low Energy (BLE) as base technology has the most promising properties, so this survey focuses on automated contact tracing techniques using BLE. We define multiple classes of methods and identify two major groups: systems that rely on a server for finding new infections and systems that distribute this process. Existing approaches are systematically classified regarding security and privacy criteria

The Art of Manipulation: Agents of Influence and the Rise of the American National Security State, 1914-1960

Throughout the twentieth century, British and Chinese agents of influence, fellow travelers and their unwitting allies conducted political warfare campaigns designed to exploit America’s rising xenophobia to achieve specific diplomatic goals. The result of these “friendly” political warfare campaigns led the United States to not only fight in two world wars but also lead to a fundamental shift in U.S. foreign and domestic policy. By creating a culture of fear, these political warfare specialists influenced the U.S. political climate making it amiable toward their respective governments’ diplomatic agendas. These foreign agents infiltrated the media, created front organizations, and quietly worked behind the scenes to shape American foreign and domestic policy. During the First World War, British intelligence played on American fears by suggesting that “hyphenated” Americans might be treasonous. Patience, luck, and nerve finally paid off as a reluctant president asked Congress to declare war. Two decades later, England, once again, found itself embroiled in war. By the summer of 1940, Winston Churchill, the newly appointed British Prime Minister, knew the only way the British Empire could survive was to drag the United States into the conflict. Using the lessons learned from the Great War, British intelligence began working to drag a reluctant nation to war. British agents of influence suggested that German Fifth columnists working on American soil sought to undermine the nation. The fear of subversion helped to shift U.S. attitudes. The British were not the only nation struggling to survive. Half a world away, the Chinese fought Imperial Japan, and like the British, the Chinese began lobbying the United State for support. The British and the Chinese competed for American aid. The Japanese attack on Pearl Harbor did not end this competition nor did the defeat of the Axis powers. As the “Good War” ended, the British and the Chinese worked to ensure that U.S. aid would help rebuild their shattered economies. The blowback from these operations led the rise of the American national security state. This is the story of how these agents of influence and their domestic allies worked to change the course of a nation.History, Department o