Cryptanalysis of the RSA-CEGD protocol

Recently, Nenadi\'c et al. (2004) proposed the RSA-CEGD protocol for certified delivery of e-goods. This is a relatively complex scheme based on verifiable and recoverable encrypted signatures (VRES) to guarantee properties such as strong fairness and non-repudiation, among others. In this paper, we demonstrate how this protocol cannot achieve fairness by presenting a severe attack and also pointing out some other weaknesses.Comment: 8 pages, 1 figur

Past, present and future of mobile payments research: A literature review

The mobile payment services markets are currently under transition with a history of numerous tried and failed solutions, and a future of promising but yet uncertain possibilities with potential new technology innovations. At this point of the development, we take a look at the current state of the mobile payment services market from a literature review perspective. We review prior literature on mobile payments, analyze the various factors that impact mobile payment services markets, and suggest directions for future research in this still emerging field. To facilitate the analysis of literature, we propose a framework of four contingency and five competitive force factors, and organize the mobile payment research under the proposed framework. Consumer perspective of mobile payments as well as technical security and trust are best covered by contemporary research. The impacts of social and cultural factors on mobile payments, as well as comparisons between mobile and traditional payment services are entirely uninvestigated issues. Most of the factors outlined by the framework have been addressed by exploratory and early phase studies. </p

Web Based English Placement Test System (ELPTS)

The English language proficiency of international students admitted to study different academic programs in University of Utara Malaysia is of paramount importance. Students are expected to communicate satisfactorily (verbal and written) during the course of their studies. The presently conducted English placement test is paper-based, which is time consuming and effort spending. This study aims to develop a web-based English Language Placement Test; in order to reduce the time and efforts which are required in paper based tests. Therefore, Vaishnavi method is used to design and develop the prototype model. According to the requirements are collected through interview with both students and department staff. Moreover, the prototype model is proposed, and the system is developed. Furthermore, the user acceptance test is conducted

Concepto de aristas múltiples empleado para esteganografía de imagen

Digital Steganography means hiding sensitive data inside a cover object ina way that is invisible to un-authorized persons. Many proposed steganography techniques in spatial domain may achieve high invisibility requirement but sacrifice the good robustness against attacks. In some cases, weneed to take in account not just the invisibility but also we need to thinkabout other requirement which is the robustness of recovering the embedded secrete messages. In this paper we propose a new steganoraphicscheme that aims to achieve the robustness even the stego image attackedby steganalyzers. Furthermore, we proposed a scheme which is more robust against JPEG compression attack compared with other traditionalsteganography schemes

Time- and Amplitude-Controlled Power Noise Generator against SPA Attacks for FPGA-Based IoT Devices

Power noise generation for masking power traces is a powerful countermeasure against Simple Power Analysis (SPA), and it has also been used against Differential Power Analysis (DPA) or Correlation Power Analysis (CPA) in the case of cryptographic circuits. This technique makes use of power consumption generators as basic modules, which are usually based on ring oscillators when implemented on FPGAs. These modules can be used to generate power noise and to also extract digital signatures through the power side channel for Intellectual Property (IP) protection purposes. In this paper, a new power consumption generator, named Xored High Consuming Module (XHCM), is proposed. XHCM improves, when compared to others proposals in the literature, the amount of current consumption per LUT when implemented on FPGAs. Experimental results show that these modules can achieve current increments in the range from 2.4 mA (with only 16 LUTs on Artix-7 devices with a power consumption density of 0.75 mW/LUT when using a single HCM) to 11.1 mA (with 67 LUTs when using 8 XHCMs, with a power consumption density of 0.83 mW/LUT). Moreover, a version controlled by Pulse-Width Modulation (PWM) has been developed, named PWM-XHCM, which is, as XHCM, suitable for power watermarking. In order to build countermeasures against SPA attacks, a multi-level XHCM (ML-XHCM) is also presented, which is capable of generating different power consumption levels with minimal area overhead (27 six-input LUTS for generating 16 different amplitude levels on Artix-7 devices). Finally, a randomized version, named RML-XHCM, has also been developed using two True Random Number Generators (TRNGs) to generate current consumption peaks with random amplitudes at random times. RML-XHCM requires less than 150 LUTs on Artix-7 devices. Taking into account these characteristics, two main contributions have been carried out in this article: first, XHCM and PWM-XHCM provide an efficient power consumption generator for extracting digital signatures through the power side channel, and on the other hand, ML-XHCM and RML-XHCM are powerful tools for the protection of processing units against SPA attacks in IoT devices implemented on FPGAs.Junta de AndaluciaEuropean Commission B-TIC-588-UGR2

Counter-Measures against Stack Buffer Overflows in GNU/Linux Operating Systems

AbstractWe address the particular cyber attack technique known as stack buffer overflow in GNU/Linux operating systems, which are widely used in HPC environments. The buffer overflow problem has been around for quite some time and continues to be an ever present issue. We develop a mechanism to successfully detect and react whenever a stack buffer overflow occurs. Our solution requires no compile-time support and so can be applied to any program, including legacy or closed source software for which the source code is not available. This makes it especially useful in HPC environments where given their complexity and scope of the computing system, incidents like overflows might be difficult to detect and react to accordingly