A Method for Patching Interleaving-Replay Attacks in Faulty Security Protocols

AbstractThe verification of security protocols has attracted a lot of interest in the formal methods community, yielding two main verification approaches: i) state exploration, e.g. FDR [Gavin Lowe. Breaking and fixing the needham-schroeder public-key protocol using FDR. In TACAs'96: Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems, pages 147–166, London, UK, 1996. Springer-Verlag] and OFMC [A.D. Basin, S. Mödersheim, and L. Viganò. An on-the-fly model-checker for security protocol analysis. In D. Gollmann and E. Snekkenes, editors, ESORICS'03: 8th European Symposium on Research in Computer Security, number 2808 in Lecture Notes in Computer Science, pages 253–270, Gjøvik, Norway, 2003. Springer-Verlag]; and ii) theorem proving, e.g. the Isabelle inductive method [Lawrence C. Paulson. The inductive approach to verifying cryptographic protocols. Journal in Computer Security, 6(1-2):85–128, 1998] and Coral [G. Steel, A. Bundy, and M. Maidl. Attacking the asokan-ginzboorg protocol for key distribution in an ad-hoc bluetooth network using coral. In H. König, M. Heiner, and A. Wolisz, editors, IFIP TC6 /WG 6.1: Proceedings of 23rd IFIP International Conference on Formal Techniques for Networked and Distributed Systems, volume 2767, pages 1–10, Berlin, Germany, 2003. FORTE 2003 (work in progress papers)]. Complementing formal methods, Abadi and Needham's principles aim to guide the design of security protocols in order to make them simple and, hopefully, correct [M. Abadi and R. Needham. Prudent engineering practice for cryptographic protocols. IEEE Transactions on Software Engineering, 22(1):6–15, 1996]. We are interested in a problem related to verification but far less explored: the correction of faulty security protocols. Experience has shown that the analysis of counterexamples or failed proof attempts often holds the key to the completion of proofs and for the correction of a faulty model. In this paper, we introduce a method for patching faulty security protocols that are susceptible to an interleaving-replay attack. Our method makes use of Abadi and Needham's principles for the prudent engineering practice for cryptographic protocols in order to guide the location of the fault in a protocol as well as the proposition of candidate patches. We have run a test on our method with encouraging results. The test set includes 21 faulty security protocols borrowed from the Clark-Jacob library [J. Clark and J. Jacob. A survey of authentication protocol literature: Version 1.0. Technical report, Department of Computer Science, University of York, November 1997. A complete specification of the Clark-Jacob library in CAPSL is available at http://www.cs.sri.com/millen/capsl/]

A Self Recovery Approach using Halftone Images for Medical Imagery System

ABSTRACT Security has become an inseparable issue even in the field of medical applications. Communication in medicine and healthcare is very important. The fast growth of the exchange traffic in medical imagery on the Internet justifies the creation of adapted tools guaranteeing the quality and the confidentiality of the information while respecting the legal and ethical constraints, specific to this field. Visual Cryptography is the study of mathematical techniques related aspects of Information Security which allows Visual information to be encrypted in such a way that their decryption can be performed by the human visual system, without any complex cryptographic algorithms. This technique represents the secret image by several different shares of binary images. It is hard to perceive any clues about a secret image from individual shares. The secret message is revealed when parts or all of these shares are aligned and stacked together. In this paper we provide an overview of the emerging Visual Cryptography (VC) techniques used in the secure transfer of the medical images over in the internet. The related work is based on the recovering of secret image using a binary logo which is used to represent the ownership of the host image which generates shadows by visual cryptography algorithms. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 -6375(Online) Volume 1 Number 2, Sep -Oct (2010), pp. 133-146 © IAEME, http://www.iaeme.com/ijcet.html , © IAEME 134 An error correction-coding scheme is also used to create the appropriate shadow. The logo extracted from the half-toned host image identifies the cheating types. Furthermore, the logo recovers the reconstructed image when shadow is being cheated using an image self-verification scheme based on the Rehash technique which rehash the halftone logo for effective self verification of the reconstructed secret image without the need for the trusted third party (TTP). IJCET © I A E M E International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 -6367(Print), ISSN 0976 -6375(Online) Volume 1, Number 2

Interoperability, Trust Based Information Sharing Protocol and Security: Digital Government Key Issues

Improved interoperability between public and private organizations is of key significance to make digital government newest triumphant. Digital Government interoperability, information sharing protocol and security are measured the key issue for achieving a refined stage of digital government. Flawless interoperability is essential to share the information between diverse and merely dispersed organisations in several network environments by using computer based tools. Digital government must ensure security for its information systems, including computers and networks for providing better service to the citizens. Governments around the world are increasingly revolving to information sharing and integration for solving problems in programs and policy areas. Evils of global worry such as syndrome discovery and manage, terror campaign, immigration and border control, prohibited drug trafficking, and more demand information sharing, harmonization and cooperation amid government agencies within a country and across national borders. A number of daunting challenges survive to the progress of an efficient information sharing protocol. A secure and trusted information-sharing protocol is required to enable users to interact and share information easily and perfectly across many diverse networks and databases globally.Comment: 20 page

Formal Development of Rough Inclusion Functions

Rough sets, developed by Pawlak [15], are important tool to describe situation of incomplete or partially unknown information. In this article, continuing the formalization of rough sets [12], we give the formal characterization of three rough inclusion functions (RIFs). We start with the standard one, κ£, connected with Łukasiewicz [14], and extend this research for two additional RIFs: κ 1, and κ 2, following a paper by Gomolińska [4], [3]. We also define q-RIFs and weak q-RIFs [2]. The paper establishes a formal counterpart of [7] and makes a preliminary step towards rough mereology [16], [17] in Mizar [13].Institute of Informatics, University of Białystok, PolandAnna Gomolinska. A comparative study of some generalized rough approximations. Fundamenta Informaticae, 51:103–119, 2002.Anna Gomolinska. Rough approximation based on weak q-RIFs. In James F. Peters, Andrzej Skowron, Marcin Wolski, Mihir K. Chakraborty, and Wei-Zhi Wu, editors, Transactions on Rough Sets X, volume 5656 of Lecture Notes in Computer Science, pages 117–135, Berlin, Heidelberg, 2009. Springer. ISBN 978-3-642-03281-3. doi:10.1007/978-3-642-03281-3_4.Anna Gomolinska. On three closely related rough inclusion functions. In Marzena Kryszkiewicz, James F. Peters, Henryk Rybinski, and Andrzej Skowron, editors, Rough Sets and Intelligent Systems Paradigms, volume 4585 of Lecture Notes in Computer Science, pages 142–151, Berlin, Heidelberg, 2007. Springer. doi:10.1007/978-3-540-73451-2_16.Anna Gomolinska. On certain rough inclusion functions. In James F. Peters, Andrzej Skowron, and Henryk Rybinski, editors, Transactions on Rough Sets IX, volume 5390 of Lecture Notes in Computer Science, pages 35–55. Springer Berlin Heidelberg, 2008. doi:10.1007/978-3-540-89876-4_3.Adam Grabowski. On the computer-assisted reasoning about rough sets. In B. Dunin-Kęplicz, A. Jankowski, A. Skowron, and M. Szczuka, editors, International Workshop on Monitoring, Security, and Rescue Techniques in Multiagent Systems Location, volume 28 of Advances in Soft Computing, pages 215–226, Berlin, Heidelberg, 2005. Springer-Verlag. doi:10.1007/3-540-32370-8_15.Adam Grabowski. Efficient rough set theory merging. Fundamenta Informaticae, 135(4): 371–385, 2014. doi:10.3233/FI-2014-1129.Adam Grabowski. Building a framework of rough inclusion functions by means of computerized proof assistant. In Tamás Mihálydeák, Fan Min, Guoyin Wang, Mohua Banerjee, Ivo Düntsch, Zbigniew Suraj, and Davide Ciucci, editors, Rough Sets, volume 11499 of Lecture Notes in Computer Science, pages 225–238, Cham, 2019. Springer International Publishing. ISBN 978-3-030-22815-6. doi:10.1007/978-3-030-22815-6_18.Adam Grabowski. Lattice theory for rough sets – a case study with Mizar. Fundamenta Informaticae, 147(2–3):223–240, 2016. doi:10.3233/FI-2016-1406.Adam Grabowski. Relational formal characterization of rough sets. Formalized Mathematics, 21(1):55–64, 2013. doi:10.2478/forma-2013-0006.Adam Grabowski. Binary relations-based rough sets – an automated approach. Formalized Mathematics, 24(2):143–155, 2016. doi:10.1515/forma-2016-0011.Adam Grabowski and Christoph Schwarzweller. On duplication in mathematical repositories. In Serge Autexier, Jacques Calmet, David Delahaye, Patrick D. F. Ion, Laurence Rideau, Renaud Rioboo, and Alan P. Sexton, editors, Intelligent Computer Mathematics, 10th International Conference, AISC 2010, 17th Symposium, Calculemus 2010, and 9th International Conference, MKM 2010, Paris, France, July 5–10, 2010. Proceedings, volume 6167 of Lecture Notes in Computer Science, pages 300–314. Springer, 2010. doi:10.1007/978-3-642-14128-7_26.Adam Grabowski and Michał Sielwiesiuk. Formalizing two generalized approximation operators. Formalized Mathematics, 26(2):183–191, 2018. doi:10.2478/forma-2018-0016.Adam Grabowski, Artur Korniłowicz, and Adam Naumowicz. Four decades of Mizar. Journal of Automated Reasoning, 55(3):191–198, 2015. doi:10.1007/s10817-015-9345-1.Jan Łukasiewicz. Die logischen Grundlagen der Wahrscheinlichkeitsrechnung. In L. Borkowski, editor, Jan Łukasiewicz – Selected Works, pages 16–63. North Holland, Polish Scientific Publ., Amsterdam London Warsaw, 1970. First published in Kraków, 1913.Zdzisław Pawlak. Rough sets. International Journal of Parallel Programming, 11:341–356, 1982. doi:10.1007/BF01001956.Lech Polkowski. Rough mereology. In Approximate Reasoning by Parts, volume 20 of Intelligent Systems Reference Library, pages 229–257, Berlin, Heidelberg, 2011. Springer. ISBN 978-3-642-22279-5. doi:10.1007/978-3-642-22279-5_6.Lech Polkowski and Andrzej Skowron. Rough mereology: A new paradigm for approximate reasoning. International Journal of Approximate Reasoning, 15(4):333–365, 1996. doi:10.1016/S0888-613X(96)00072-2.Andrzej Skowron and Jarosław Stepaniuk. Tolerance approximation spaces. Fundamenta Informaticae, 27(2/3):245–253, 1996. doi:10.3233/FI-1996-272311.William Zhu. Generalized rough sets based on relations. Information Sciences, 177: 4997–5011, 2007.27433734

The effect of cyber-attacks on stock returns

A widely debated issue in recent years is cybercrime. Breaches in the security of accessibility, integrity and confidentiality of information involve potentially high explicit and implicit costs for firms. This paper investigates the impact of information security breaches on stock returns. Using event-study methodology, the study provides empirical evidence on the effect of announcements of cyber-attacks on the market value of firms from 1995 to 2015. Results show that substantial negative market returns occur following announcements of cyber-attacks. Financial entities often suffer greater negative effects than other companies and non-confidential cyber-attacks are the most dangerous, especially for the financial sector. Overall findings seem to show a link between cybercrime and insider trading

Lightweight Mutual Authentication Protocol for Low Cost RFID Tags

Radio Frequency Identification (RFID) technology one of the most promising technologies in the field of ubiquitous computing. Indeed, RFID technology may well replace barcode technology. Although it offers many advantages over other identification systems, there are also associated security risks that are not easy to be addressed. When designing a real lightweight authentication protocol for low cost RFID tags, a number of challenges arise due to the extremely limited computational, storage and communication abilities of Low-cost RFID tags. This paper proposes a real mutual authentication protocol for low cost RFID tags. The proposed protocol prevents passive attacks as active attacks are discounted when designing a protocol to meet the requirements of low cost RFID tags. However the implementation of the protocol meets the limited abilities of low cost RFID tags.Comment: 11 Pages, IJNS