1,641 research outputs found

    Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning

    The secret keys of critical network authorities - such as time, name, certificate, and software update services - represent high-value targets for hackers, criminals, and spy agencies wishing to use these keys secretly to compromise other hosts. To protect authorities and their clients proactively from undetected exploits and misuse, we introduce CoSi, a scalable witness cosigning protocol ensuring that every authoritative statement is validated and publicly logged by a diverse group of witnesses before any client will accept it. A statement S collectively signed by W witnesses assures clients that S has been seen, and not immediately found erroneous, by those W observers. Even if S is compromised in a fashion not readily detectable by the witnesses, CoSi still guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to risk that the compromise will soon be detected by one of the W witnesses. Because clients can verify collective signatures efficiently without communication, CoSi protects clients' privacy, and offers the first transparency mechanism effective against persistent man-in-the-middle attackers who control a victim's Internet access, the authority's secret key, and several witnesses' secret keys. CoSi builds on existing cryptographic multisignature methods, scaling them to support thousands of witnesses via signature aggregation over efficient communication trees. A working prototype demonstrates CoSi in the context of timestamping and logging authorities, enabling groups of over 8,000 distributed witnesses to cosign authoritative statements in under two seconds. Comment: 20 pages, 7 figures

    A Secure Mobile-based Authentication System

    Financial information is extremely sensitive. Hence, electronic banking must provide a robust system to authenticate its customers and let them access their data remotely. On the other hand, such a system must be usable, affordable, and portable. We propose a challenge-response based one-time password (OTP) scheme that uses symmetric cryptography in combination with a hardware security module. The proposed protocol safeguards passwords from keyloggers and phishing attacks. Besides, this solution provides convenient mobility for users who want to bank online anytime and anywhere, not just from their own trusted computers.

    Application of information systems in irregular settlement management and low-cost housing provision

    Bibliography: pages 105-107. Information Systems, both paper-based and computer-based, are integral in the management of irregular settlements and the process of delivering low-cost housing in South Africa. An Irregular Settlement can be defined as an area where the 'shacks' have no fixed street address. Due to policies by previous regimes, under whose rule irregular settlements were almost ignored, there is often little or no spatial or socio-economic data available about existing irregular settlements. Thus for the use of the community, or to organisations interested in helping to improve the quality of life of the residents living in these settlements. As a prerequisite to quality of life, the basic need of shelter, along with food, healthcare and education need to be made available. The emphasis today is thus being placed on the provision of low-cost housing. A need thus arises to have up-to-date information about these irregular settlements in order to plan either for the upgrading of the settlement or for the relocation to new low-cost housing developments. Currently mostly paper-based systems are being used in these developments. There are two opportunities where computer-oriented information systems could be used at this time in 1996 and 1997 to assist with the management and upgrading of irregular settlements. The first is the stage of managing an existing irregular settlement; the second is managing the process of housing provision, taking advantage of the project-linked subsidy scheme. Two Cape Town based projects provide case studies for the application of information systems at the two stages identified above. The first is the Marconi Beam 'From Shacks to Houses' project located in Milnerton. The second is the Integrated Services Land Project (iSLP) of the Cape Flats. The Marconi Beam Settlement is an irregular settlement that has been accepted as part of the 'Project-Linked Subsidy Scheme' for the provision of new low-cost housing. 
Previously only paper-based systems were being used to manage the settlement and its move to the new Joe Slovo Park formal housing development. There was also found to be a lack of appropriate tools and awareness of which technology could be used in the process. Some of the specific application areas in which we were able to provide solutions in Marconi Beam included: ■ the identification of people directly affected by the fire that swept through the settlement in October 1996; ■ the residents who would be affected by the construction of a new road through the one area of the settlement could be identified, facilitating their movement away from the area; and ■ a system of tracking the internal moves of residents was devised by which we were able to maintain a record of the internal movements of residents whilst the system of the lottery was in place. Subsequently, with the use of the Block System, the identification of residents who were required to come in and have their applications for new houses processed, as a result of their spatial location in the settlement, was accomplished. The Indlu Management System, a computer-based system, resulted from the need to keep track of, and process, large amounts of socio-economic data in order to speedily process the large number of applicants applying for national housing subsidies. As a result of the implementation of this system, the processing times per applicant have been reduced from 30 minutes to 10 minutes per applicant. The successful use of these systems in the two projects demonstrates that there is thus a definite role to be played in the use of information systems in relation to the management of irregular settlements and the provision of low-cost housing

    Body language, security and e-commerce

    Security is becoming an increasingly more important concern both at the desktop level and at the network level. This article discusses several approaches to authenticating individuals through the use of biometric devices. While libraries might not implement such devices, they may appear in the near future of desktop computing, particularly for access to institutional computers or for access to sensitive information. Other approaches to computer security focus on protecting the contents of electronic transmissions and verification of individual users. After a brief overview of encryption technologies, the article examines public-key cryptography which is getting a lot of attention in the business world in what is called public key infrastructure. It also examines other efforts, such as IBM’s Cryptolope, the Secure Sockets Layer of Web browsers, and Digital Certificates and Signatures. Secure electronic transmissions are an important condition for conducting business on the Net. These business transactions are not limited to purchase orders, invoices, and contracts. This could become an important tool for information vendors and publishers to control access to the electronic resources they license. As license negotiators and contract administrators, librarians need to be aware of what is happening in these new technologies and the impact that will have on their operations

    The Microsoft vs. Netscape browser’s war: A game theory based analysis

    During 1996 the world’s attention was captured by the litigation posed by the United States’ government against Microsoft, blaming the latter of abusive use of its monopoly power in order to win what was known as the “browser’s war”. This paper presents the previous scenario to the web browser’s battle carried out by Microsoft and Netscape, analyzing both firms’ strategies in a short and also in a long term horizon game. The study provided is based on game theory tools and attempts to give a model that explains the firms’ behavior. Although the presented model is quite simple, it accurately explains the strategic interaction between the firms and its predictions fit with the actual results. Track: V - Workshop on Agents and Intelligent Systems. Red de Universidades con Carreras en Informática (RedUNCI)

    An Economic Analysis of Domain Name Policy

    One of the most important features of the architecture of the Internet is the Domain Name System (DNS), which is administered by the Internet Corporation for Assigned Names and Numbers (ICANN). Logically, the DNS is organized into Top Level Domains (such as .com), Second Level Domains (such as amazon.com), and third, fourth, and higher level domains (such as www.amazon.com). The physical infrastructure of the DNS consists of name servers, including the Root Server System which provides the information that directs name queries for each Top Level Domain to the appropriate server. ICANN is responsible for the allocation of the root and the creation or reallocation of Top Level Domains. The Root Server System and associated name space are scarce resources in the economic sense. The root servers have a finite capacity and expansion of the system is costly. The name space is scarce, because each string (or set of characters) can only be allocated to one Registry (or operator of a Top Level Domain). In addition, name service is not a public good in the economic sense, because it is possible to exclude strings from the DNS and because the allocation of a string to one firm results in the inability of other firms to use that name string. From the economic perspective, therefore, the question arises: what is the most efficient method for allocating the root resource? There are only five basic options available for allocation of the root: (1) a static root, equivalent to a decision to waste the currently unallocated capacity; (2) public interest hearings (or beauty contests); (3) lotteries; (4) a queuing mechanism; or (5) an auction. The fundamental economic question about the Domain Name System is which of these provides the most efficient mechanism for allocating the root resource? 
This resource allocation problem is analogous to problems raised in the telecommunications sector, where the Federal Communications Commission has a long history of attempting to allocate broadcast spectrum and the telephone number space. This experience reveals that a case-by-case allocation on the basis of ad hoc judgments about the public interest is doomed to failure, and that auctions (as opposed to lotteries or queues) provide the best mechanism for insuring that such public-trust resources find their highest and best use. Based on the telecommunications experience, the best method for ICANN to allocate new Top Level Domains would be to conduct an auction. Many auction designs are possible. One proposal is to auction a fixed number of new Top Level Domain slots each year. This proposal would both expand the root resource at a reasonable pace and insure that the slots went to their highest and best use. Public interest Top Level Domains could be allocated by another mechanism such as a lottery and their costs to ICANN could be subsidized by the proceeds of the auction

    Web based presentation of semantically tagged 3D content for public sculptures and monuments in the UK

    Copyright © 2009 by the Association for Computing Machinery, Inc. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee