104 research outputs found
Cryptanalysis of the RSA-CEGD protocol
Recently, Nenadi\'c et al. (2004) proposed the RSA-CEGD protocol for
certified delivery of e-goods. This is a relatively complex scheme based on
verifiable and recoverable encrypted signatures (VRES) to guarantee properties
such as strong fairness and non-repudiation, among others. In this paper, we
demonstrate how this protocol cannot achieve fairness by presenting a severe
attack and also pointing out some other weaknesses.Comment: 8 pages, 1 figur
Past, present and future of mobile payments research: A literature review
The mobile payment services markets are currently under transition with a history of numerous tried and failed solutions, and a future
of promising but yet uncertain possibilities with potential new technology innovations. At this point of the development, we take a look
at the current state of the mobile payment services market from a literature review perspective. We review prior literature on mobile
payments, analyze the various factors that impact mobile payment services markets, and suggest directions for future research in this
still emerging field. To facilitate the analysis of literature, we propose a framework of four contingency and five competitive force factors,
and organize the mobile payment research under the proposed framework. Consumer perspective of mobile payments as well as technical
security and trust are best covered by contemporary research. The impacts of social and cultural factors on mobile payments, as well as
comparisons between mobile and traditional payment services are entirely uninvestigated issues. Most of the factors outlined by the
framework have been addressed by exploratory and early phase studies.
</p
Web Based English Placement Test System (ELPTS)
The English language proficiency of international students admitted to study different academic programs in University of Utara Malaysia is of paramount importance. Students are expected to communicate satisfactorily (verbal and written) during the course of their studies. The presently conducted English placement test is paper-based, which is time consuming and effort spending. This study aims to develop a web-based English Language Placement Test; in order to reduce the time and efforts which are required in paper based tests. Therefore, Vaishnavi method is used to design and develop the prototype model. According to the requirements are collected through interview with both students and department staff. Moreover, the prototype model is proposed, and the system is developed. Furthermore, the user acceptance test is conducted
Concepto de aristas múltiples empleado para esteganografÃa de imagen
Digital Steganography means hiding sensitive data inside a cover object ina way that is invisible to un-authorized persons. Many proposed steganography techniques in spatial domain may achieve high invisibility requirement but sacrifice the good robustness against attacks. In some cases, weneed to take in account not just the invisibility but also we need to thinkabout other requirement which is the robustness of recovering the embedded secrete messages. In this paper we propose a new steganoraphicscheme that aims to achieve the robustness even the stego image attackedby steganalyzers. Furthermore, we proposed a scheme which is more robust against JPEG compression attack compared with other traditionalsteganography schemes
Time- and Amplitude-Controlled Power Noise Generator against SPA Attacks for FPGA-Based IoT Devices
Power noise generation for masking power traces is a powerful countermeasure against
Simple Power Analysis (SPA), and it has also been used against Differential Power Analysis (DPA) or
Correlation Power Analysis (CPA) in the case of cryptographic circuits. This technique makes use of
power consumption generators as basic modules, which are usually based on ring oscillators when
implemented on FPGAs. These modules can be used to generate power noise and to also extract
digital signatures through the power side channel for Intellectual Property (IP) protection purposes.
In this paper, a new power consumption generator, named Xored High Consuming Module (XHCM),
is proposed. XHCM improves, when compared to others proposals in the literature, the amount of
current consumption per LUT when implemented on FPGAs. Experimental results show that these
modules can achieve current increments in the range from 2.4 mA (with only 16 LUTs on Artix-7
devices with a power consumption density of 0.75 mW/LUT when using a single HCM) to 11.1 mA
(with 67 LUTs when using 8 XHCMs, with a power consumption density of 0.83 mW/LUT). Moreover,
a version controlled by Pulse-Width Modulation (PWM) has been developed, named PWM-XHCM,
which is, as XHCM, suitable for power watermarking. In order to build countermeasures against
SPA attacks, a multi-level XHCM (ML-XHCM) is also presented, which is capable of generating
different power consumption levels with minimal area overhead (27 six-input LUTS for generating
16 different amplitude levels on Artix-7 devices). Finally, a randomized version, named RML-XHCM,
has also been developed using two True Random Number Generators (TRNGs) to generate current
consumption peaks with random amplitudes at random times. RML-XHCM requires less than
150 LUTs on Artix-7 devices. Taking into account these characteristics, two main contributions
have been carried out in this article: first, XHCM and PWM-XHCM provide an efficient power
consumption generator for extracting digital signatures through the power side channel, and on the
other hand, ML-XHCM and RML-XHCM are powerful tools for the protection of processing units
against SPA attacks in IoT devices implemented on FPGAs.Junta de AndaluciaEuropean Commission B-TIC-588-UGR2
Counter-Measures against Stack Buffer Overflows in GNU/Linux Operating Systems
AbstractWe address the particular cyber attack technique known as stack buffer overflow in GNU/Linux operating systems, which are widely used in HPC environments. The buffer overflow problem has been around for quite some time and continues to be an ever present issue. We develop a mechanism to successfully detect and react whenever a stack buffer overflow occurs. Our solution requires no compile-time support and so can be applied to any program, including legacy or closed source software for which the source code is not available. This makes it especially useful in HPC environments where given their complexity and scope of the computing system, incidents like overflows might be difficult to detect and react to accordingly
- …